Tavis Ormandy – the well-known Google security researcher who discovered the feature/vulnerability in Java back in April and forced Sun to patch it swiftly by releasing the details to the public – has done it again.
This time, the vulnerability exists in the Windows Help and Support Center function (helpctr.exe). It affects only Windows XP and Windows Server 2003, but it could allow remote code execution if a user views a specially crafted Web page using a Web browser or clicks a specially crafted link in an e-mail message.
Microsoft is displeased with the disclosure of the vulnerability. “This issue was reported to us on June 5th, 2010 by a Google security researcher and then made public less than four days later, on June 9th, 2010. Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk,” it says on its Security Response Center blog.
The company issued a security advisory that lists mitigating factors and a workaround, saying that the vulnerability is not being exploited in the wild.