This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects a remote code execution vulnerability in the Microsoft Internet Explorer.
Microsoft Internet Explorer is a browser for the Windows operating system.
Internet Explorer is prone to a remote code execution vulnerability when handling a VBscript 'MsgBox()' function. Specifically, attackers can specify an external help file (through SMB or WebDAV) as a parameter to the message box. When a victim clicks on the 'F1' key of the message box, the attacker supplied help file will execute with the permissions of the currently logged in user.
Note attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer.
Internet Explorer 6, 7, and 8 are vulnerable when running on the Windows XP platform.
NOTE: This document previously mentioned a buffer-overflow affecting 'winhlp32.exe'. That issue has been moved to BID 38473 (Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Stack-Based Buffer Overflow Vulnerability) to better document it.
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: firstname.lastname@example.org.