Windows VBScript Script Engine Flaw in Processing Windows Help Files Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID: 1023668
SecurityTracker URL: http://securitytracker.com/id/1023668
CVE Reference: CVE-2010-0483
Updated: Apr 13 2010
Original Entry Date: Mar 2 2010
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Exploit Included: Yes
Version(s): 2000 SP4, XP SP3, 2003 SP2; and prior service packs; VBScript 5.1, 5.6, 5.7, 5.8
Description:
A vulnerability was reported in the Windows VBScript Script Engine. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a specially crafted Windows help file that, when loaded by the target user via Microsoft Internet Explorer, will execute arbitrary code on the target system. The code will run with the privileges of the target user.
A specially crafted dialog box can also trigger the flaw when the target user presses the F1 (help) key.
Windows 7, Windows Server 2008 R2, Windows Vista, and Windows Server 2008 are not affected.
The original advisory is available at:
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
Maurycy Prodeus reported this vulnerability.
Impact:
A remote user can create a file or dialog that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued the following fixes:
Microsoft Windows 2000 Service Pack 4, VBScript 5.1:
http://www.microsoft.com/downloads/details.aspx?familyid=421BE318-F217-4D12-B7A5-833093189073
Windows XP Service Pack 2, VBScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=AA8FF157-A7B3-4787-80C9-5BC453F0F1C9
Windows XP Service Pack 2 and Windows XP Service Pack 3, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=CB21D276-65E9-4C8F-96E3-CF6DC36D0133
Windows XP Professional x64 Edition Service Pack 2, VBScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=896C738D-4058-440F-8D4F-16C678610CD1
Windows Server 2003 Service Pack 2, VBScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=28B035B8-D56E-4E93-B811-9A82CF1D4BA9
Windows Server 2003 x64 Edition Service Pack 2, VBScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=339DDF48-8949-4857-9EF6-1DDCC7C5F8B8
Windows Server 2003 with SP2 for Itanium-based Systems, VBScript 5.6:
http://www.microsoft.com/downloads/details.aspx?familyid=9A8BEE82-5F7F-490E-A1EB-481F6D4FC4F5
Windows Vista, Windows Vista Service Pack 1, and Windows Vista Service Pack 2, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=EE5C42C6-16BB-48BF-95C2-C188BB17D04B
Windows Vista x64 Edition, Windows Vista x64 Edition Service Pack 1, and Windows Vista x64 Edition Service Pack 2, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=EA5C5E9C-0ECD-47BC-912D-5ADC00D1AA21
Windows Server 2008 for 32-bit Systems and Windows Server 2008 for 32-bit Systems Service Pack 2**, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=DBE89813-0A45-463B-928C-1E58F7BB596A
Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=9DB62357-557D-40CD-9826-B7BAA6C9DE65
Windows Server 2008 for Itanium-based Systems and Windows Server 2008 for Itanium-based Systems Service Pack 2, VBScript 5.7:
http://www.microsoft.com/downloads/details.aspx?familyid=84C5AAAE-9417-42A1-834F-22C1AD46A12F
Windows 7 for 32-bit Systems, VBScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=C3F76835-0053-4E53-A451-14255E7A4FC0
Windows 7 for x64-based Systems, VBScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=998164B7-4B8C-468B-8D39-F242633C8838
Windows Server 2008 R2 for x64-based Systems**, VBScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=C4039D40-A0C7-4183-AB50-04F690D1C5DC
Windows Server 2008 R2 for Itanium-based Systems, VBScript 5.8:
http://www.microsoft.com/downloads/details.aspx?familyid=8174463C-5C5E-4095-90C8-FD1E898D4BA5
A restart may be required.
The Microsoft advisory is available at:
http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx
The vendor's original advisory is available at:
http://www.microsoft.com/technet/security/advisory/981169.mspx
Vendor URL: www.microsoft.com/technet/security/bulletin/ms10-022.mspx
Cause:
Not specified
Underlying OS:
Message History:
None.
Source Message Contents
Date: Tue, 02 Mar 2010 00:03:16 +0000
Subject: Microsoft VBScript
http://www.microsoft.com/technet/security/advisory/981169.mspx
CVE-2010-0483