Stack-based Buffer Overflow in VBScript on Microsoft Windows and Internet Explorer
CVE-2010-0917

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows 2003 Server; Windows Server 2003; Windows Xp
Vendor: CVE Published:; 3 March 2010

What is CVE-2010-0917?

A stack-based buffer overflow exists in VBScript when used with Internet Explorer on specific Microsoft Windows versions. This vulnerability can be exploited by user-assisted remote attackers through a malicious long string in the helpfile argument of the MsgBox function. When the F1 key is pressed, the vulnerability triggers, allowing for potential code execution, thus compromising the system's integrity.

References

http://www.microsoft.com/technet/security/advisory/981169...

x_refsource_CONFIRM

http://www.theregister.co.uk/2010/03/01/ie_code_execution...

x_refsource_MISC

http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-...

x_refsource_MISC

EPSS Score

44% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2010
Vulnerability Reserved
Mar 3, 2010