New Search

VBScript Help Keypress Vulnerability

oval:org.mitre.oval:def:7170

vbscript.dll in VBScript 5.1 5.6 5.7 and 5.8 in Microsoft Windows 2000 SP4 XP SP2 and SP3 and Server 2003 SP2 when Internet Explorer is used allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname (2) UNC share pathname or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function leading to code execution involving winhlp32.exe when the F1 key is pressed aka "VBScript Help Keypress Vulnerability."

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 7
  • Microsoft Windows Server 2008
  • Microsoft Windows Vista
  • Microsoft Windows XP
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
Class:
vulnerability
Reference(s):
  • CVE-2010-0483
Product(s):
  • VBScript 5.8
  • VBScript 5.1
  • VBScript 5.7
  • VBScript 5.6