CVE-2010-0917

Currently unrated

Key Information:

Vendor
Microsoft
Status
Windows 2000
Windows 2003 Server
Windows Server 2003
Windows Xp
Vendor
CVE Published:
3 March 2010

Summary

Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.

References

http://www.microsoft.com/technet/security/advisory/981169...
x_refsource_CONFIRM
http://www.theregister.co.uk/2010/03/01/ie_code_execution...
x_refsource_MISC
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-...
x_refsource_MISC

EPSS Score

24% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD DatabaseMitre Database
.