Microsoft Corporation Information for VU#25249
HHControl Object (showHelp) may execute shortcuts embedded in help files
- Vendor Information Help Date Notified: 05 Jun 2000
- Statement Date:
- Date Updated: 25 Oct 2000
Microsoft recommends customers using Microsoft Internet Explorer version 4.0, 4.01, 5.0, or 5.01 apply the patch discussed in http://microsoft.com/technet/security/bulletin/ms00-037.asp and routinely use the Security Zones feature.
The Security Zones feature of Internet Explorer allows you to categorize the web sites you visit and specify what the sites in a particular category should be allowed to do. Since most people visit a small number of familiar, professionally-operated web sites, and it's unlikely that such a site would pose any risk, we recommend putting the sites that you visit frequently and trust into the Trusted Zone. All sites that you haven't otherwise categorized will reside in the Internet Zone. You can then configure the zones to give the appropriate privileges to the web sites in each of these zones.
In addition Microsoft recommends Outlook users install the Outlook Security Update http://www.officeupdate.com/2000/downloaddetails/Out2ksec.htm to protect against mail-borne attacks.
The vendor has not provided us with any further information regarding this vulnerability.
As described in the Vulnerability Note and in the CERT Advisory, there are several configurations which continue to be vulnerable to this problem.
If you have feedback, comments, or additional information about this vulnerability, please send us email.