iDEFENSE Security Advisory 04.12.05 (d) – MSHTA vulnerabilities allow attacker-specified programs to be run by specifying a CLSID associated with the desired program.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/37189/04.12.05d.txt
Source: https://packetstormsecurity.com/files/37189/04.12.05d.txt.html