VR-Zone

Ever used the F1 key for help in Windows ? Well think again. Affecting only Windows 2000, Windows XP and Windows Server 2003 and using Internet Explorer.

According to Microsoft, they are investigating new public reports of a vulnerability in VBScript that is exposed on supported versions mentioned above through the use of Internet Explorer. Investigations have shown that the vulnerability cannot be exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008.

The main impact of the vulnerability is remote code execution which exists in the way that VBScript interacts with Windows Help files when using Internet Explorer.

If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Hopefully a fix will be out asap and in the mean time, avoid "possible" malicious websites or switch to another browser.