Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16171
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-015