Zero Day Initiative Advisory 10-016 – This vulnerability allows remote attackers to force a Microsoft Windows system to execute a given local executable. User interaction is required in that the target must access a malicious URL. The specific flaw exists within the ShellExecute API. Using a specially formatted URL, an attacker can bypass sanitization checks within this function and force the calling application into running an executable of their choice. Successful exploitation requires a useful binary to exist in a predictable location on the remote system.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/86096/ZDI-10-016.txt
Source: https://packetstormsecurity.com/files/86096/Zero-Day-Initiative-Advisory-10-016.html

