This PoC demonstrates a 2-click binary planting exploit through Internet Explorer on 32-bit Windows XP using a .wri file placed inside a remote special folder (as described in
The Anatomy of COM Server-Based Binary Planting Exploits
).