iPolicy Networks Security Advisory
 

Microsoft VBScript Help Remote Code Execution Vulnerability

Date Discovered: 04/13/2010
Severity: High
Operating Systems Affected: Microsoft Windows 2000 SP4
Microsoft Windows XP SP 2 & SP 3
Microsoft Windows XP Pro x64 SP 2
Microsoft Windows Server 2003 SP 2
Microsoft Windows Server 2003 x64 SP 2
Microsoft Windows Server 2003 SP2 Itanium
Application Affected: VBScript 5.1
VBScript 5.6
VBScript 5.7
VBScript 5.8
Type: Remote
Identifiers: CVE-2010-0483
Synopsis
Microsoft VBScript is reported prone to a remote code execution vulnerability due to the way it interacts with Windows Help files when using Internet Explorer. A malicious web page could display a dialog box that results in the execution of arbitrary code when the user presses the F1 key.
Recommended Actions
Apply the patches as directed by the vendor at:
http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx
Threat Analysis
A remote code execution vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. A malicious web page can display a dialog box which will trigger the execution of arbitrary code when the user presses the F1 key. The F1 key launches winhlp32.exe with an attacker-supplied .hlp file.

An attacker could exploit this vulnerability by enticing the user to visit a compromised web page and press the F1 key. Successful exploitation of the vulnerability could allow an attacker to execute remote code and take complete control of the victim machine.
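
Detection note (an added example, not part of the original advisory or the vendor's guidance): the process relationship described above, winhlp32.exe started by Internet Explorer, can be hunted for in process-creation telemetry. The record field names, the sample events and the rule that only help files under a local Windows Help directory are treated as lower priority are assumptions constructed for illustration.

```python
import ntpath
import re

# Constructed process-creation records. Field names are assumptions; map them
# to your own telemetry (image / parent image / command line).
SAMPLE_EVENTS = [
    {"host": "ws01", "image": r"C:\WINDOWS\winhlp32.exe",
     "parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r"winhlp32.exe \\files.example\share\doc.hlp"},
    {"host": "ws02", "image": r"C:\WINDOWS\winhlp32.exe",
     "parent": r"C:\WINDOWS\explorer.exe",
     "cmdline": r"winhlp32.exe C:\WINDOWS\Help\notepad.hlp"},
    {"host": "ws03", "image": r"C:\WINDOWS\system32\notepad.exe",
     "parent": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "cmdline": r"notepad.exe C:\temp\view-source.txt"},
    {"host": "ws04", "image": r"C:\WINDOWS\WinHlp32.exe",
     "parent": r"C:\Program Files\Internet Explorer\IEXPLORE.EXE",
     "cmdline": r'"C:\WINDOWS\WinHlp32.exe" C:\WINDOWS\Help\iexplore.hlp'},
]

HLP_ARG = re.compile(r'("[^"]+\.hlp"|\S+\.hlp)', re.IGNORECASE)
LOCAL_HELP = re.compile(r"^[a-z]:\\windows\\help\\", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path, quotes removed."""
    return ntpath.basename(path.strip('"')).lower()

def help_file(cmdline):
    """Return the .hlp argument from a command line, or None."""
    m = HLP_ARG.search(cmdline)
    return m.group(1).strip('"') if m else None

def classify(event):
    """Return None, 'review' or 'alert' for one process-creation record."""
    if (basename(event["image"]) != "winhlp32.exe"
            or basename(event["parent"]) != "iexplore.exe"):
        return None
    hlp = help_file(event["cmdline"])
    # Assumption: help files shipped with Windows sit in the local Help
    # directory; any other source (share, temp folder, no path) is escalated.
    return "review" if hlp and LOCAL_HELP.match(hlp) else "alert"

def triage(events):
    """Return (host, verdict) for every record that needs attention."""
    verdicts = ((e["host"], classify(e)) for e in events)
    return [(host, v) for host, v in verdicts if v]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS):
        print(host, verdict)
```
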
References

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0483

Write-up by: Anupam Kumar