Be careful of Windows XP's F1 Help Bug

According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-Demand eSeminar DevOps and Cloud are all the rage in IT, but the two terms relating process and computing aren't mutually exclusive. Join us to see how your movement into cloud changes the way you develop, deploy, test and manage, and how DevOps can actually be a good thing when coupled with cloud.

  • Is your compliance strategy relying on disconnected processes and tools that leave your organization at risk? Do your security and operations teams run into conflicts--leading to a gap between audit and remediation? Now you can make even the most complex and dynamic IT infrastructure fully secure and compliant. Read this eBook and learn how to: Improve process and close the SecOps gap Quickly detect, audit and remediate breaches Create a more agile environment to comply to regulatory mandates Better …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date