<< Back
CVE Number Vulnerability Product Severity Date
981169 Vulnerability in VBScript Could Allow Remote Code Execution (981169) Microsoft Windows Critical 04-03-2010

Technical Information

Brief overview of the risk:
Microsoft Windows could allow a remote attacker to execute arbitrary code on the system, caused by the automatic opening of HELP (.hlp) files by the VBScript MsgBox() function in winhlp32.exe.
Detailed Information on the risk:
The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user. On systems running Windows Server 2003, Internet Explorer Enhanced Security Configuration is enabled by default, which helps to mitigate against this issue.Further information on this exploit is available at : (981169)

Affected Software

Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Service Pack 3
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 2
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Server 2003 x64 Edition Service Pack 2