1) Insufficient validation of drag and drop events from the “Internet” zone to local resources for valid images or media files with embedded HTML code. This can be exploited by e.g. a malicious web site to plant arbitrary HTML documents on a user’s system, which may allow execution of arbitrary script code in the “Local Computer” zone.

This vulnerability is a variant of:
SA12321

NOTE: Microsoft Windows XP SP2 does not allow Active Scripting in the “Local Computer” zone.

2) A security site / zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler.

Successful exploitation may allow execution of arbitrary HTML and script code in a user’s browser session in context of arbitrary sites, or execution of local programs with parameters from the “Local Computer” zone using a HTML Help shortcut.

NOTE: This will bypass the “Local Computer” zone lockdown security feature in SP2.

3) A security site / zone restriction error in the handling of the “Related Topics” command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones.
…