Do not press F1 on a computer with Windows XP if you use Internet Explorer

The Polish researcher Maurycy Prodeus, an analyst at ISEC Security Research has discovered an interesting flaw that may allow a malintezionato to exploit a vulnerability in your system online help windows. The vulnerability would be operated by simply pressing the F1 key. the operating system suffers from this problem is Windows XP SP3. The mechanism is simple VBScript file is based on interacting with the Help files that are launched through Internet Explorer.
Basically you load a help file to enable remote attacker to create an application winhlp32 overflow to execute arbitrary code with the rights of current.

It is highly recommended to block access to port 445.
The affected versions are both IE 6, IE7 that IE8.
computers that have Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 are not affected by this issue and indeed if you use an alternative browser like Mozilla Firefox should not run into this bug.

Questa voce è stata pubblicata in English Articles e contrassegnata con , , , , , , , , , , , , , , , , , , , , , , , , , , . Contrassegna il permalink.