Be careful of Windows XP's F1 Help Bug

Tuesday Mar 2nd 2010 by -
Share:

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved