Summary
The host is installed with Internet Explorer and VBScript and is prone to Remote Code Execution vulnerability.
Impact
Successful exploitation will allow remote attackers to execute arbitrary code via specially crafted attack.
Impact Level: System
Solution
Apply the latest updates. For more information refer, http://technet.microsoft.com/en-us/security/advisory/981169
Insight
The flaw exists in the way that 'VBScript' interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, it allows arbitrary code to be executed in the security context of the currently logged-on user.
Affected
Microsoft Internet Explorer version 6.x, 7.x, 8.x
Severity
Classification
-
CVE CVE-2010-0483 -
CVSS Base Score: 7.6
AV:N/AC:H/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
- Microsoft .NET Framework 'RC4' Information Disclosure Vulnerability (2960358)
- Microsoft WMI Administrative Tools ActiveX Control Remote Code Execution Vulnerabilities
- Symantec Anti Virus Corporate Edition Check
- Opera skin zip file buffer overflow vulnerability