Home / Microsoft / WinXP: F1 key Could Allow Remote Code Execution in IE

WinXP: F1 key Could Allow Remote Code Execution in IE

By on March 3, 2010 10:40 am

Ever used the F1 key for help in Windows ? Well think again. Affecting only Windows 2000, Windows XP and Windows Server 2003 and using Internet Explorer.

Read on for more

Ever used the F1 key for help in Windows ? Well think again. Affecting
only Windows 2000, Windows XP and Windows Server 2003 and using Internet
Explorer.

According to Microsoft, they are investigating new public reports of a vulnerability in
VBScript that is exposed on supported versions mentioned above through the use of Internet
Explorer. Investigations have shown that the vulnerability cannot be
exploited on Windows 7, Windows Server 2008 R2, Windows Vista, or
Windows Server 2008.

The main impact of the vulnerability is remote code
execution which exists in the way that VBScript interacts with Windows
Help files when using Internet Explorer.

If a malicious Web site
displayed a specially crafted dialog box and a user pressed the F1 key,
arbitrary code could be executed in the security context of the
currently logged-on user.

Hopefully a fix will be out asap and in the mean time, avoid “possible” malicious websites or switch to another browser.

Related Items