Public exploits available
A remote code execution vulnerability exists in the HTML Help ActiveX control. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited that page.
An attacker who successfully exploited this vulnerability could run arbitrary code on a users system. This could allow an attacker to take complete control of the affected system.
HTML Help ActiveX control methods do not perform sufficient parameter validation. An unitialized variable that is used in certain methods of HHCtrl ActiveX control can be exploited because proper set up is not done in the object param attributes.
No known false positives at this time.
Temporarily prevent the HTML Help ActiveX control from running in Internet Explorer.