It's not necessarily a 'bug'.
Keep in mind that the Windows Help feature is HTML and therefore IE-based.
If you open up Windows Help, or the MSDN, you'll see that all of its links
and references are either file:// or help://. IE is just set up to handle
protocol references the same way Explorer is set up to handle file
extensions.
So when you drop help:// into IE, it's only natural for it to try to open up
what it thinks will be an HTML-based help page. Granted, this can be
exploitable if you were to slip some malicious JS into the 'Help' page and
get a user to click on it.
RH
-----Original Message-----
From: NETKOJI [mailto:netkoji_at_poczta.onet.pl]
Sent: Thursday, 8 July 2004 8:17 AM
To: vuln-dev_at_securityfocus.com
Subject: Re: help:// protocol in Windows XP Prof
Hello vuln-dev,
Bartosz Kwitkowski wrote:
>
> There is a funny thing in Internet Explorer 6.0 - Windows XP Professional (fully patched).
> When you are writing an address in IE you can replace http:// with help://
> example:
> http://wb.pl/bartosz = help://wb.pl/bartosz
> and then hit <ENTER>... Page will open...
> other...
> help://www.securityfocus.com - looks funny, doesn't it? :-)
> when IE opens page changes help:// to http://
> BUT, BUT,
> when you are create hyperlink check
> it won't work - IE says syntax error...
> I'm trying to exploit this...
> Best regards,
> Bartosz Kwitkowski
>
The same 'bug' applies to all other IE browsers below 6.0 (Win98SE and
Win2K). Doesn't look like anything dangerous to me though...
NETKOJI
Received on Jul 10 2004