Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability
Last Update Date:
28 Jan 2011
Release Date:
2 Mar 2010
5207
Views
RISK: Medium Risk
A vulnerability has been identified in VBScript, which could be exploited by remote attackers to compromise a vulnerable system. The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.
Impact
- Remote Code Execution
System / Technologies affected
- Microsoft Windows 2000
- Windows XP
- Windows Server 2003
Solutions
It is not aware of any vendor-supplied solution.
Workaround
- Do not press the F1 key when prompted by a Web site
- Restrict access to the Windows Help System
- Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones
Vulnerability Identifier
Source
Related Link
Share with