Release DateMar 03, 2010 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates an attack attempt against a command execution vulnerability inMicrosoft Internet Explorer. The vulnerability is caused by an error when the vulnerable software handles a malicious VBScript code that tricks user to press F1 key. It allows a remote attacker to execute arbitrary command via sending a crafted web page. |
Affected ProductsMicrosoft Internet Explorer 7 and 8 on Windows XP |
Recommended ActionsInstall patches when available. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2010-0483 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/ms10-022.mspx (MS-ID)http://www.exploit-db.com/exploits/11615 http://www.microsoft.com/technet/security/advisory/981169.mspx http://secunia.com/advisories/38727/ http://www.vupen.com/english/advisories/2010/0485 http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt |
