Public exploits available
A vulnerability exists in the HTML Help ActiveX control that could allow remote code execution on an affected system.
An attacker who successfully exploited this vulnerability could take complete control of an affected system.
An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited that page. HHCtrl object could be exploited by indexing into this object and setting memory locations with large buffers.
All applications not on the affected list.
No known false positives at this time.
Disable the HTML Help ActiveX control from running within Internet Explorer 6 for Windows XP Service Pack 2.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls and active scripting in the Internet zone and in the Local intranet zone.
Restrict Web sites to only your trusted Web sites. Temporarily disable the HTML Help ActiveX control from running in Internet Explorer.