Description
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Pauli Ojanpera · textlocalwindows
https://www.exploit-db.com/exploits/19673
References (1)
Core 1
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/868
Scores
EPSS
0.0047
EPSS Percentile
64.7%
Details
Status
published
Products (3)
microsoft/windows_95
microsoft/windows_98
microsoft/windows_nt
4.0
Published
Dec 10, 1999
Tracked Since
Feb 18, 2026