dcsimg

Be careful of Windows XP's F1 Help Bug

WEBINAR:
On-Demand

Application Security Testing: An Integral Part of DevOps


According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows very simple messagebox, loaded with VBScript

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.

View Article



Comments

  • There are no comments yet. Be the first to comment!

  • You must have javascript enabled in order to post comments.

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • The Internet of Things (IoT), a growing network of physical devices with Internet connectivity, can collect and exchange rich data. Organizations utilizing the Enterprise of Things (EoT) are also at a greater risk for data breaches and cybersecurity threats. Healthcare organizations striving to realize the full potential of the EoT must also be able to confidentially and reliably transmit highly sensitive data between connected devices. Read this white paper to discover the best cybersecurity strategies to get …

  • A CRM solution holds a wealth of information and document generation tools allow users to take that information and create documents with both visual appeal and function. Document generation is the process of automatically producing a file and document generation applications save companies time, mistakes, and money. You bought Salesforce to be more efficient — why are you still manually creating proposals, contracts, invoices, and account plans? Read this eBook to learn how you can automate virtually …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date
×
We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.