7.4 High
AI Score
Confidence
Low
7.6 High
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:H/Au:N/C:C/I:C/A:C
0.974 High
EPSS
Percentile
99.9%
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka βVBScript Help Keypress Vulnerability.β
blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx
blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx
blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx
isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
isec.pl/vulnerabilities10.html
secunia.com/advisories/38727
securitytracker.com/id?1023668
www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk
www.kb.cert.org/vuls/id/612021
www.microsoft.com/technet/security/advisory/981169.mspx
www.osvdb.org/62632
www.securityfocus.com/bid/38463
www.theregister.co.uk/2010/03/01/ie_code_execution_bug/
www.us-cert.gov/cas/techalerts/TA10-103A.html
www.vupen.com/english/advisories/2010/0485
docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022
exchange.xforce.ibmcloud.com/vulnerabilities/56558
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654
www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb