Be careful of Windows XP's F1 Help Bug

According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: December 11, 2014 @ 1:00 p.m. ET / 10:00 a.m. PT Market pressures to move more quickly and develop innovative applications are forcing organizations to rethink how they develop and release applications. The combination of public clouds and physical back-end infrastructures are a means to get applications out faster. However, these hybrid solutions complicate DevOps adoption, with application delivery pipelines that span across complex hybrid cloud and non-cloud environments. Check out this …

  • On-demand Event Event Date: October 29, 2014 It's well understood how critical version control is for code. However, its importance to DevOps isn't always recognized. The 2014 DevOps Survey of Practice shows that one of the key predictors of DevOps success is putting all production environment artifacts into version control. In this webcast, Gene Kim discusses these survey findings and shares woeful tales of artifact management gone wrong! Gene also shares examples of how high-performing DevOps …

Most Popular Programming Stories

More for Developers

RSS Feeds