CVE-2010-0483

Microsoft Windows 2000 - Code Injection

Title source: rule

Description

vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."

Exploits (3)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16541

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Maurycy Prodeus · textremotewindows_x86

https://www.exploit-db.com/exploits/11615

View Code ZIP pw:eip

metasploit WORKING POC GREAT

by Maurycy Prodeus, jduck · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/ms10_022_ie_vbscript_winhlp32.rb

View Code ZIP pw:eip

References (20)

[Vendor Advisory] http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

[Vendor Advisory] http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx

[Vendor Advisory] http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx

[Exploit] http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt

[Exploit] http://isec.pl/vulnerabilities10.html

[Vendor Advisory] http://secunia.com/advisories/38727

[Various Sources] http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk

[US Government Resource] http://www.kb.cert.org/vuls/id/612021

[Vendor Advisory] http://www.microsoft.com/technet/security/advisory/981169.mspx

[Exploit] http://www.securityfocus.com/bid/38463

[Various Sources] http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/

[US Government Resource] http://www.us-cert.gov/cas/techalerts/TA10-103A.html

[Vendor Advisory] http://www.vupen.com/english/advisories/2010/0485

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/56558

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654

[Exploit] https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb

[Third Party Advisory, VDB Entry] http://www.osvdb.org/62632

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1023668

Scores

EPSS 0.8196

EPSS Percentile 99.2%

Details

CWE

CWE-94

Status published

Products (4)

microsoft/windows_2000

microsoft/windows_2003_server (2 CPE variants)

microsoft/windows_server_2003

microsoft/windows_xp (3 CPE variants)

Published Mar 03, 2010

Tracked Since Feb 18, 2026