XP/IE: Vulnerability in VBScript Could Allow Remote Code Execution (deprecated) Microsoft Windows OS (XP/NT/Vista) forum at WebmasterWorld

Welcome to WebmasterWorld Guest from 23.22.212.158
register, login, search, subscribe, help, library, PubCon, announcements, recent posts, open posts,

Pubcon Platinum Sponsor

Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)

Forum Library : Charter : Moderators: bill
(deprecated) Microsoft Windows OS (XP/NT/Vista) Forum

XP/IE: Vulnerability in VBScript Could Allow Remote Code Execution
don't press the F1 key in IE on Win2K/XP/Server 2003

phranque

msg:4091316

10:34 am on Mar 4, 2010 (gmt 0)

Microsoft Security Advisory (981169):

Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.

...

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Global Options:

top

home

open messages

active posts

Home / Forums Index / Microsoft / (deprecated) Microsoft Windows OS (XP/NT/Vista)

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
WebmasterWorld ® and PubCon ® are a Registered Trademarks of Pubcon Inc.
© Pubcon Inc. 1996-2012 all rights reserved

(deprecated) Microsoft Windows OS (XP/NT/Vista) Forum