Welcome to WebmasterWorld Guest from 54.167.157.247

Forum Moderators: bill

Message Too Old, No Replies

XP/IE: Vulnerability in VBScript Could Allow Remote Code Execution

don't press the F1 key in IE on Win2K/XP/Server 2003

   
10:34 am on Mar 4, 2010 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



Microsoft Security Advisory (981169):
Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.

...

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month