Published: 2010-03-13T07:32+00:00
Last Updated: 2010-04-19T07:44+00:00
JVNTR-2010-08
Internet Explorer VBScript Windows Help arbitrary code execution (VU#612021)
Overview
Microsoft Internet Explorer is vulnerable to arbitrary code execution through the use of VBScript and Windows Help.
Event Information
| Date (UTC) | Description |
| 2010-04-19 00:21 |
JVN JVNTR-2010-11: Microsoft Updates for Multiple Vulnerabilities (TA10-103A) |
| 2010-04-14 01:13 |
Microsoft Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution VBScript Help Keypress Vulnerability (CVE-2010-0483, MS10-022) Microsoft has completed the investigation into a public report of this vulnerability. We have issued MS10-022 to address this issue. |
| 2010-03-02 15:15 |
SANS Internet Storm Center IE 0-day using .hlp files A POC has been posted which outlines how to use VBScript in a .HLP file to invoke winhlp32.exe in Windows 2000, Windows XP SP2, SP3 & Windows 2003 SP2. A malicious page is needed to trick the user into pressing the F1 button which invokes the help function,arbitrary commands can then be executed. The attack works in IE 6, 7, & 8. |
| 2010-03-02 12:36 |
US-CERT Microsoft Releases Security Advisory to Address VBScript Vulnerability US-CERT Current Activity Microsoft has released a security advisory to address a vulnerability in VBScript. The advisory indicates that this vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. By convincing a user to view a specially crafted HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application. |
| 2010-03-01 23:48 |
Microsoft Microsoft Security Advisory (981169): Vulnerability in VBScript Could Allow Remote Code Execution Advisory published. Microsoft is investigating new public reports of a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Internet Explorer. Our investigation has shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008. The main impact of the vulnerability is remote code execution. |
| 2010-03-01 15:14 |
The Metasploit Project Internet Explorer Winhlp32.exe MsgBox Code Execution Vulnerability Proof Of Concept (CVE-2010-0483) #Cid: 38463.rb #Cid: ie_winhlp32.rb #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:6 #Tested: cpe:/o:microsoft:windows_xp::sp3 + cpe:/a:microsoft:ie:7 |
| 2010-02-28 16:15 |
Microsoft Security Response Center Blog Investigating a new win32hlp and Internet Explorer issue On Friday 2/26/2010, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We are not aware of any attacks seeking to exploit this issue at this time and in the current state of our investigation, we have determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, are not affected by this issue. |
| 2010-02-26 16:31 |
Bugtraq Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability Vulnerability Proof Of Concept (CVE-2010-0483) #Cid: 38463-2.txt #Tested: cpe:/a:microsoft:ie:7 #Tested: cpe:/a:microsoft:ie:8 |
| 2010-02-26 16:30 |
Microsoft Releases Security Advisory to Address VBScript Vulnerability Vulnerability (CVE-2010-0483) Public disclosure It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript. Passing malicious .HLP file to winhlp32 could allow remote attacker to run arbitrary command. Additionally, there is a stack overflow vulnerability in winhlp32.exe. |
| 2007-02-01 |
Microsoft Releases Security Advisory to Address VBScript Vulnerability Vulnerability (CVE-2010-0483) was discovered. |
Other Information
| CVE |
CVE-2010-0483 |