Be careful of Windows XP's F1 Help Bug

According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

View Article



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Enterprises are typically overwhelmed with incredible volumes of alerts that lack context and are not easily correlated across their technology stacks and silos. It can be incredibly challenging for large enterprises to detect and resolve incidents across multiple environments. When enterprises do detect challenges, communicating and acting efficiently through the right tools can be a daunting proposition. IT teams can provide real value if they collaborate and use agile methods for enterprise DevOps to move …

  • Whether you're just now developing your first mobile app, refining an existing one, or deploying multiple apps, the process for doing so can be complicated. Utilizing a Rapid Mobile Application Development (RMAD) platform can help you not only make that process easier, but also help the business reach its goals in a timely, cost-efficient manner. This eBook outlines seven key factors to consider as you choose the right RMAD platform to meet your needs, and includes a quick-reference checklist.

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date