Skip to main content

Microsoft Internet Explorer VBScript Remote Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 2 Mar 2010 5207 Views

RISK: Medium Risk

A vulnerability has been identified in VBScript, which could be exploited by remote attackers to compromise a vulnerable system. The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.


Impact

  • Remote Code Execution

System / Technologies affected

  • Microsoft Windows 2000
  • Windows XP
  • Windows Server 2003

Solutions

It is not aware of any vendor-supplied solution.

Workaround

  • Do not press the F1 key when prompted by a Web site
  • Restrict access to the Windows Help System
  • Set Internet and Local intranet security zone settings to "High" to block ActiveX Controls and Active Scripting in these zones


Vulnerability Identifier


Source


Related Link