Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 2 Mar 2010 4217 Views

RISK: Medium Risk

Medium Risk

A vulnerability has been identified in VBScript, which could be exploited by remote attackers to compromise a vulnerable system. The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003

Solutions

It is not aware of any vendor-supplied solution.

Workaround

  • Do not press the F1 key when prompted by a Web site
  • Restrict access to the Windows Help System
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones

Vulnerability Identifier

Source

Related Link

Share with

Previous

Adobe Download Manager File Download and Execute Vulnerability

26 Feb 2010 4469 Views

Next

IBM Lotus iNotes ActiveX Control Remote Buffer Overflow Vulnerability

2 Mar 2010 4448 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY