MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010

MA-218.032010 : MyCERT Alert - Microsoft Windows Help File Code Execution Vulnerability Within Internet Explorer via VBScript

Date First Published: 2010-03-02

1.0 Introduction

A critical vulnerability (CVE-2010-0483) has been identified in Microsoft Windows, which could be exploited by remote attackers to compromise a vulnerable system. The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displays a specially crafted dialog box and a user presses the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

Essentially, attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.

MyCERT is aware that a '0-day' exploit is available on the internet at the time of the publication of this advisory.

2.0 Impact

An attacker who successfully exploits this vulnerability will be able to execute code remotely and gain the same privileges as the user.

3.0 Affected Products

The vulnerable products and versions are listed below:

  • Microsoft Windows 2000
  • Microsoft Windows XP
  • Microsoft Windows Server 2003

4.0 Recommendations

As of the writing of this advisory, Microsoft has not released any security patches for this vulnerability. However, users can use the following steps as a temporary workaround if they need to use Microsoft Internet Explorer:

4.1 Disable Active Script support in the browser. Active Script can be disabled with the following steps:

  • On the Tools menu, click Internet Options
  • Click the Security tab, choose Internet zone and click on Custom Level
  • Disable the Active Scripting and click OK


4.2 Do not browse untrusted websites or click on untrusted links, especially URLs enclosed in e-mails from an unknown sender.

4.3 Browse the Internet using a lower-privilege user account to minimize the impact of a malicious file.
 
4.4 Consider using alternative web browsers to browse the Internet. Please make sure you use the latest version and stay up-to-date as well.
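
The workaround in step 4.1 can also be checked and applied from a script, which helps when many machines need it. The following PowerShell is an added example, not part of the MyCERT advisory; it assumes PowerShell is installed and relies on Internet Explorer's zone registry layout (zone 3 = Internet, action 1400 = Active scripting, data 3 = Disable), which the advisory itself does not mention.

```powershell
# Added example (not from the advisory): audit or apply the step 4.1 workaround.
# Assumed registry mapping: zone 3 = Internet zone, action 1400 = Active scripting,
# DWORD data 0 = Enable, 1 = Prompt, 3 = Disable.
param([switch]$Apply)

$ZoneSubKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$PolicySubKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Action       = '1400'
$Meaning      = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScriptingSetting {
    # Report the value at every location that can hold it: policy keys and
    # ordinary settings, for both the machine and the current user.
    $paths = "HKLM:\$PolicySubKey", "HKCU:\$PolicySubKey", "HKCU:\$ZoneSubKey", "HKLM:\$ZoneSubKey"
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name $Action -ErrorAction SilentlyContinue
        if ($item -eq $null) {
            $state = 'not set'
        } else {
            $value = [int]$item.$Action
            if ($Meaning.ContainsKey($value)) { $state = $Meaning[$value] }
            else { $state = "unknown ($value)" }
        }
        New-Object PSObject -Property @{ Location = $path; State = $state }
    }
}

function Disable-ActiveScripting {
    # Same effect as Custom Level > Active scripting > Disable for the current user.
    $path = "HKCU:\$ZoneSubKey"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Action -PropertyType DWord -Value 3 -Force | Out-Null
}

if ($Apply) { Disable-ActiveScripting }
Get-ActiveScriptingSetting | Format-Table Location, State -AutoSize
```

Run the script without arguments to report only; pass -Apply to set the value for the current user. A policy key that reports Enabled means the per-user change may be overridden and should be corrected at the policy source.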

MyCERT advises users of Microsoft Windows to stay alert to the latest security announcements from Microsoft and to ensure that their operating systems are updated automatically. An article on how to enable the automatic update feature in Microsoft Windows is available at the following URL:

http://www.mycert.org.my/en/resources/os/main/main/detail/707/index.html 

Users may also consider using a vulnerability management tool such as Secunia to ensure that all applications are updated:

http://secunia.com/vulnerability_scanning/personal/ 

MyCERT can be reached through the following channels for further assistance:

E-mail : mycert@mycert.org.my
Phone : +603 89926969  or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 - 17:30 MYT
Web : http://www.mycert.org.my

5.0 References