Be careful of Windows XP's F1 Help Bug

According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Live Event Date: January 28, 2015 @ 11:00 a.m. ET / 8:00 a.m. PT Check out this upcoming live webcast and join Jeff Sloyer, IBM Developer Evangelist and Master Inventor, for a tutorial for building cloud-based applications. Using IBM's platform as a service, Bluemix, Jeff will show you how to architect and assemble cloud-based applications built for cloud scale. Leveraging the power of microservices, developers can quickly translate monolithic applications to a cloud-based microarchitecture. This hour-long …

  • Are you truly leading your team or simply managing them? Organizations need leaders and your team needs someone to follow. With some ongoing development, you could become that leader. Learn the top leadership qualities that inspire others to want to follow you and the direction of your company.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date