CVE-2010-0483

Description

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170

https://exchange.xforce.ibmcloud.com/vulnerabilities/56558

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022

http://www.vupen.com/english/advisories/2010/0485

http://www.us-cert.gov/cas/techalerts/TA10-103A.html

http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/

http://www.osvdb.org/62632

http://www.microsoft.com/technet/security/advisory/981169.mspx

http://www.kb.cert.org/vuls/id/612021

http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk

http://securitytracker.com/id?1023668

http://secunia.com/advisories/38727

http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx

http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx

http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3