Be careful of Windows XP's F1 Help Bug


According to iSEC's advisory, the attacker needs to elicit some cooperation from the user: the attack pops up a very simple Windows message box, loaded with VBScript.

When the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.

Microsoft confirmed a vulnerability in Internet Explorer 6, 7 and 8 that could allow remote code execution on Windows XP.
