CERT mailing list archives

Current Activity - Microsoft Releases Security Advisory to Address VBScript Vulnerability


From: Current Activity <us-cert () us-cert gov>
Date: Tue, 2 Mar 2010 08:57:10 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Microsoft Releases Security Advisory to Address VBScript Vulnerability

Original release date: March 2, 2010 at 8:36 am
Last revised: March 2, 2010 at 8:36 am


Microsoft has released a security advisory to address a vulnerability
in VBScript. The advisory indicates that this vulnerability exists in
the way that VBScript interacts with Windows Help files when using
Internet Explorer. By convincing a user to view a specially crafted
HTML document (web page, HTML email, or email attachment) with
Internet Explorer and to press the F1 key, an attacker could run
arbitrary code with the privileges of the user running the
application.

US-CERT encourages users and administrators to do the following to
help mitigate the risks:
  * Review Microsoft Security Advisory 981169.
  * Review the Microsoft Security Research & Defense blog entry
    regarding this issue.
  * Review US-CERT Vulnerability Note VU#612021.
  * Refrain from pressing the F1 key when prompted by a website.
  * Restrict access to the Windows Help System.

US-CERT will provide additional information as it becomes available.

Relevant Url(s):
<http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx>

<http://www.microsoft.com/technet/security/advisory/981169.mspx>

<http://www.kb.cert.org/vuls/id/612021>

====
This entry is available at
http://www.us-cert.gov/current/index.html#microsoft_releases_security_advisory_to2

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----

