Okay, so check this out. Right click on the desktop hover over "new" select "shortcut" have the shortcut point to any .exe file name the shortcut www.microsoft.com open internet explorer and type in www.microsoft.com ...hahahahahahha, see the potential? So if you were to say, place a cookie & registry entry, or have a java app or cgi script that placed a shortcut pointing to a program on someone else's computer and named with a url that you'd make them visit later... with a simple browser hijack exploit, you could easily access any executable file on their system at any point you wanted. This could be used in all sorts of creative ways to wreak havoc, think about it. You could use this little trick to turn on someone's webcam without their knowledge, you could send stuff to their printers and freak them out, fire up their copy of quickbooks and access accounting records, open thier email client, etc... The possiblities are near limitless and they haven't figured out a patch for it yet. Another reason not to use Internet Explorer, because until they patch this, this one has huge potential. It doesn't, however, work with firefox, safari, or opera. So if you're using a good browser, no need to worry. But if you know someone still in the stone ages, you could really have at 'em with this one
Thats pretty neat but if you had access to create the shortcut you already have all the access you need to do the other things without using IE to launch it.