MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution (981169)
High Nessus Plugin ID 45509
SynopsisArbitrary code can be executed on the remote host through the installed VBScript Scripting Engine.
DescriptionThe installed version of the VBScript Scripting Engine allows an attacker to specify a Help file location when displaying a dialog box on a web page. If a user can be tricked into pressing the F1 key while such a dialog box is being displayed, an attacker can leverage this to cause the Windows Help System to load a specially crafted Help file, resulting in execution of arbitrary code subject to the user's privileges.
SolutionMicrosoft has released a set of patches for Windows 2000, XP, 2003, Vista, 2008, 7, and 2008 R2.