Microsoft Internet Explorer Malicious Shortcut Self-Executing HTML Vulnerability

A vulnerability has been reported that may permit remote attackers to execute arbitrary code on client systems running Microsoft Internet Explorer. The issue may be exploited through a specially crafted self-executing HTML file when a user visits a malicious web page.

The malicious self-executing HTML file includes embedded script code that abuses Shell Helper objects to obtain a shortcut file (.lnk), change its parameters, save it to disk and then execute the file pointed to by the shortcut. This will result in execution of arbitrary code.

This issue is similar to the vulnerability described in BID 8984.

Separate sources have reported conflicting details. One source claims that this issue only works if the self-executing file is run in the context of the Local Zone. The other source implies that it works from a remote site on some Windows platforms, but that on Windows 2003 it will not work remotely and would likely require another vulnerability to cause the self-executing HTML file to be interpreted in the context of the Local Zone.


Copyright 2010, SecurityFocus