Wednesday, March 03, 2010

Do NOT hit the F1 key if a website tells you to

The Microsoft Security Advisory has issued a vulnerability in VBScript that is exposed on supported versions of Microsoft Windows 2000, Windows XP, and Windows Server 2003 through the use of Microsoft Internet Explorer.

So, should a Web site displays a specially crafted dialog box asking user to hit the F1 key for Help, a malicious arbitrary code could be executed in the security context of the currently logged-on user, resulting in a security breach.

In summary, DO NOT HIT THE F1 KEY IF A WEBSITE TELLS YOU TO. Microsoft is still investigating in this vulnerability.

Vulnerability in VBScript Could Allow Remote Code Execution [via]

No comments:

Post a Comment

Do provide your constructive comment. I appreciate that.