User-Assisted Code Execution Vulnerability in Microsoft Windows via VBScript
CVE-2010-0483

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows 2003 Server; Windows Server 2003; Windows Xp
Vendor: CVE Published:; 3 March 2010

What is CVE-2010-0483?

This vulnerability in VBScript, used by Internet Explorer on several Microsoft Windows versions, allows remote attackers to execute arbitrary code through user interaction. By referencing a crafted .hlp file with specific parameters in the MsgBox function, an attacker can trigger code execution when the user presses the F1 key. This exposure is particularly concerning for systems running outdated versions of Windows, including Windows 2000, Windows XP, and Windows Server 2003.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

https://exchange.xforce.ibmcloud.com/vulnerabilities/56558

vdb-entryx_refsource_XF

https://docs.microsoft.com/en-us/security-updates/securit...

vendor-advisoryx_refsource_MS

EPSS Score

81% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2010
Vulnerability Reserved
Feb 2, 2010