CVE-2010-0483 Information

Description

vbscript.dll in VBScript 5.1 5.6 5.7 and 5.8 in Microsoft Windows 2000 SP4 XP SP2 and SP3 and Server 2003 SP2 when Internet Explorer is used allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname (2) UNC share pathname or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function leading to code execution involving winhlp32.exe when the F1 key is pressed aka \VBScript Help Keypress Vulnerability.\

Reference

http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt http://isec.pl/vulnerabilities10.html http://secunia.com/advisories/38727 http://securitytracker.com/id?1023668 http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk http://www.kb.cert.org/vuls/id/612021 http://www.microsoft.com/technet/security/advisory/981169.mspx http://www.osvdb.org/62632 http://www.securityfocus.com/bid/38463 http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/ http://www.us-cert.gov/cas/techalerts/TA10-103A.html http://www.vupen.com/english/advisories/2010/0485 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022 https://exchange.xforce.ibmcloud.com/vulnerabilities/56558 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7170 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A8654 https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb