CVE-2010-0483

Exploitation Summary

EIP tracks 3 public exploits for CVE-2010-0483. PoCs published by Metasploit, Maurycy Prodeus, Maurycy Prodeus, jduck, including Metasploit module exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.

AI-analyzed exploit summary This Metasploit module exploits CVE-2010-0483 by serving a malicious HLP file and payload EXE via a WebDAV server. When a user presses F1 on a VBScript-generated MessageBox, the help functionality loads the HLP file, leading to arbitrary code execution.

Description

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16541

View Code ZIP pw:eip

This Metasploit module exploits CVE-2010-0483 by serving a malicious HLP file and payload EXE via a WebDAV server. When a user presses F1 on a VBScript-generated MessageBox, the help functionality loads the HLP file, leading to arbitrary code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Internet Explorer with Winhlp32.exe on Windows XP SP3 and other versions

No auth needed

Prerequisites: User interaction (pressing F1 on a MessageBox) · WebDAV redirector enabled or SMB access

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

exploitdb WORKING POC VERIFIED

by Maurycy Prodeus · textremotewindows_x86

https://www.exploit-db.com/exploits/11615

View Code ZIP pw:eip

This exploit leverages a vulnerability in Microsoft Internet Explorer (CVE-2010-0483) by tricking the user into pressing the F1 key, which loads a malicious help file (test.hlp) from a remote SMB share, leading to arbitrary code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer 6, 7, and 8 on Windows XP

No auth needed

Prerequisites: User interaction (pressing F1) · Access to a remote SMB share hosting the malicious .hlp file

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC GREAT

by Maurycy Prodeus, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb

View Code ZIP pw:eip

This Metasploit module exploits CVE-2010-0483 by serving a malicious HLP file via WebDAV when a user presses F1 on a VBScript-generated MessageBox in Internet Explorer. It achieves remote code execution by tricking the victim into loading a payload EXE disguised as a help file.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Microsoft Internet Explorer (6.0, 7.0) on Windows (XP, Vista, Server 2003)

No auth needed

Prerequisites: Victim must visit attacker-controlled web page · User must press F1 on the MessageBox · WebDAV redirector must be enabled on victim system

MITRE ATT&CK

T1189 - Drive-by Compromise T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 19, 2026 Full analysis →