Digg
del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeedBe careful of Windows XP's F1 Help Bug
Posted
on March 2nd, 2010
According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript
When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.
Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.
Comments
There are no comments yet. Be the first to comment!