Welcome to the Virus Encyclopedia of Panda Security.
|Effects: ||It uses an Internet Explorer vulnerability to download and run files on the affected computer.|
|Detection updated on:||Feb. 27, 2004|
Exploit.CHM is malicious code that could be hosted in a web page in order to exploit a vulnerability in the browser Internet Explorer. Affected versions are: 5.01, 5.5 and 6.0 with Service Pack 1.
If an HTML file (for example, a web page) loads a file with a CHM (Compiled HTML) extension using a concrete sequence, the CHM file would be copied to the hard drive of the affected computer, and the script code it contained (as part of the HTML file) would be run. This allows to run arbitrary code on the affected computer, without user's intervention, just by accessing a malicious web page.
Exploit.CHM is being used in order to download and run Trojans and other malware on affected computers.
Currently, there is no security patch available for this vulnerability.