Attackers use F1 key to lunch attacks

General

Home

Security advisories

White papers

OpenVAS

Language center

Resource menu

Attackers use F1 key to lunch attacks

LSS_NEWS_2010_007 Microsoft is warned Windows XP operation system users to ignore requests from web sites that refer on pressing the help key (F1).

The problem is connected to unpatched vulnerability that allows attackers to hijack computers running Internet Explorer browser. In security advisory MSA 981169, Microsoft team confirmed existence of bug in VBScript in the ways that component interacts with Windows Help files. If a malicious Web site displayed a specially crafted dialog box and user pressed the F1 key, remote attacker could execute arbitrary code. Successful exploiting of this vulnerability could give complete control of system to attacker. Users running Windows Vista, Windows Server 2008, Windows 7 or Windows Server 2008 R2 are safe from such attacks. Other users can protect themselves by not pressing the F1 key or disabling Windows Help. More information is available at COMPUTERWORLD site.