CVE-2010-0917
Microsoft Windows 2000 SP4, XP SP2-SP3, Server 2003 SP2 - Stack-based Buffer Overflow via MsgBox Helpfile Argument
Title source: llmDescription
Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_confirm
http://www.microsoft.com/technet/security/advisory/981169.mspx
Various Sources x_refsource_misc
http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/
Exploit x_refsource_misc
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
Exploit x_refsource_misc
http://isec.pl/vulnerabilities10.html
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/38473
Vendor Advisory x_refsource_confirm
http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56560
Scores
EPSS
0.2432
EPSS Percentile
97.6%
Details
CWE
CWE-119
Status
published
Products (4)
microsoft/windows_2000
microsoft/windows_2003_server
(2 CPE variants)
microsoft/windows_server_2003
microsoft/windows_xp
(3 CPE variants)
Published
Mar 03, 2010
Tracked Since
Feb 18, 2026