This script is Copyright (C) 2010-2014 Tenable Network Security, Inc.
Arbitrary code can be executed on the remote host through the
installed VBScript Scripting Engine.
The installed version of the VBScript Scripting Engine allows an
attacker to specify a Help file location when displaying a dialog box
on a web page. If a user can be tricked into pressing the F1 key
while such a dialog box is being displayed, an attacker can leverage
this to cause the Windows Help System to load a specially crafted Help
file, resulting in execution of arbitrary code subject to the user's
See also :
Microsoft has released a set of patches for Windows 2000, XP, 2003,
Vista, 2008, 7, and 2008 R2.
Risk factor :
High / CVSS Base Score : 7.6
CVSS Temporal Score : 6.3
Public Exploit Available : true