| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| 981169 | Vulnerability in VBScript Could Allow Remote Code Execution (981169) | Microsoft Windows | Critical | 04-03-2010 |
Technical Information
Brief overview of the risk:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the automatic opening of HELP (.hlp) files by the VBScript MsgBox() function in winhlp32.exe.
Detailed Information on the risk:
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.Further information on this exploit is available at : (981169)
Affected Software
Microsoft Windows 2000 Service Pack 4Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2