CVE-2010-0483

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."

CVSS v2.0 7.6 HIGH

7.6^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:H/Au:N/C:C/I:C/A:C

Exploitability : 4.9 / Impact : 10.0

Access Vector NETWORK

Access Complexity HIGH

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/38463	Exploit
http://www.kb.cert.org/vuls/id/612021	US Government Resource
http://isec.pl/vulnerabilities10.html	Exploit
http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx	Vendor Advisory
http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx	Vendor Advisory
http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx	Vendor Advisory
http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk
http://securitytracker.com/id?1023668
http://www.microsoft.com/technet/security/advisory/981169.mspx	Vendor Advisory
http://secunia.com/advisories/38727	Vendor Advisory
http://www.vupen.com/english/advisories/2010/0485	Vendor Advisory
https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb	Exploit
http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt	Exploit
http://www.osvdb.org/62632
http://www.us-cert.gov/cas/techalerts/TA10-103A.html	US Government Resource
https://exchange.xforce.ibmcloud.com/vulnerabilities/56558
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:o:microsoft:windows_2000::sp4::::::*
	cpe:2.3:o:microsoft:windows_xp::sp2::::::*
	cpe:2.3:o:microsoft:windows_xp::sp3::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2:itanium:::::
	cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:::::*
	cpe:2.3:o:microsoft:windows_server_2003::sp2::::::*
	cpe:2.3:o:microsoft:windows_2003_server::sp2::::::*

OR	cpe:2.3:a:microsoft:internet_explorer:6:::::::*
	cpe:2.3:a:microsoft:internet_explorer:7:::::::*
	cpe:2.3:a:microsoft:internet_explorer:8:::::::*

Information

Published : 2010-03-03 11:30

Updated : 2019-02-26 06:04

NVD link : CVE-2010-0483

Mitre link : CVE-2010-0483

JSON object : View

CWE

CWE-94

Improper Control of Generation of Code ('Code Injection')

Products Affected

microsoft

windows_2003_server
windows_xp
internet_explorer
windows_2000
windows_server_2003

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/38463", "name": "38463", "tags": ["Exploit"], "refsource": "BID"}, {"url": "http://www.kb.cert.org/vuls/id/612021", "name": "VU#612021", "tags": ["US Government Resource"], "refsource": "CERT-VN"}, {"url": "http://isec.pl/vulnerabilities10.html", "name": "http://isec.pl/vulnerabilities10.html", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx", "name": "http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx", "name": "http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx", "name": "http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk", "name": "http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk", "tags": [], "refsource": "MISC"}, {"url": "http://securitytracker.com/id?1023668", "name": "1023668", "tags": [], "refsource": "SECTRACK"}, {"url": "http://www.microsoft.com/technet/security/advisory/981169.mspx", "name": "http://www.microsoft.com/technet/security/advisory/981169.mspx", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/38727", "name": "38727", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/0485", "name": "ADV-2010-0485", "tags": ["Vendor Advisory"], "refsource": "VUPEN"}, {"url": "https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb", "name": "https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/", "name": "http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/", "tags": [], "refsource": "MISC"}, {"url": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt", "name": "http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt", "tags": ["Exploit"], "refsource": "MISC"}, {"url": "http://www.osvdb.org/62632", "name": "62632", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.us-cert.gov/cas/techalerts/TA10-103A.html", "name": "TA10-103A", "tags": ["US Government Resource"], "refsource": "CERT"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56558", "name": "ms-win-msgbox-code-execution(56558)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654", "name": "oval:org.mitre.oval:def:8654", "tags": [], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170", "name": "oval:org.mitre.oval:def:7170", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022", "name": "MS10-022", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka \"VBScript Help Keypress Vulnerability.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-94"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-0483", "ASSIGNER": "secure@microsoft.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}}, "publishedDate": "2010-03-03T19:30Z", "configurations": {"nodes": [{"children": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}, {"cpe23Uri": "cpe:2.3:a:microsoft:internet_explorer:8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false}]}], "operator": "AND", "cpe_match": []}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2019-02-26T14:04Z"}

7.6 /10