Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability

Microsoft Windows XP HCP URI Handler Arbitrary Command Execution Vulnerability

The following examples have been supplied:

hcp://services/layout/contentonly?topic=...

where ... is a correct URL

http:// for page
file:/// for run (remember use / (slash) in path e.g. c:/windows/system32/...

The following additional example vectors have been supplied:
hcp://services/layout/fullwindow?topic=
hcp://services/centers/support?topic=

Additional proof-of-concepts were provided in the "IE ms-its: and mk:@MSITStore: vulnerability" BugTraq post by Roozbeh Afrasiabi.