Sniper write-up by limbernie

RFI with SMB for the initial foothold and then client-side exploit with a malicious Microsoft Compiled HTML Help file to own it.