Microsoft Internet Explorer is vulnerable to arbitrary code execution through the use of VBScript and Windows Help.
Exploit code for this vulnerability is publicly available.
By convincing a victim to view an HTML document (web page, HTML email, or email attachment) with Internet Explorer and to press the F1 key, an attacker could run arbitrary code with the privileges of the user running the application.
Apply an update
This vulnerability was publicly disclosed by iSEC SEcurity Research.
This document was written by Will Dormann.
|Date First Published:||2010-03-01|
|Date Last Updated:||2010-04-28 19:54 UTC|