Juniper Networks

Signature Detail


Short Name: HTTP:STC:WINHELP32-MSGBOX-RCE
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: Microsoft Windows winhlp32.exe MsgBox Remote Code Execution
Release Date: 2010/10/14
Update Number: 1792
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Microsoft Windows winhlp32.exe MsgBox Remote Code Execution


A code execution vulnerability exists in Microsoft Windows. The vulnerability is caused by a design weakness in the Remote unauthenticated attackers can exploit this vulnerability by enticing the target user to open a malicious website and then press the F1 key when a specially crafted dialog box is displayed. This may lead to execution of arbitrary code on the target system within the security context of the currently logged-in user.

Extended Description

Microsoft VBScript is prone to a remote code-execution vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer.

NOTE: Attackers must use social-engineering techniques to convince an unsuspecting user to press the 'F1' key when the attacker's message box prompts them to do so.

NOTE: Microsoft reports that this issue cannot be exploited on Windows Vista, Server 2008, 7, or Server 2008 R2.

NOTE: This document previously mentioned a buffer overflow affecting 'winhlp32.exe'. That issue has been moved to BID 38473 (Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Stack-Based Buffer Overflow Vulnerability) to better document it.

Affected Products

  • Avaya Meeting Exchange - Client Registration Server
  • Avaya Meeting Exchange - Recording Server
  • Avaya Meeting Exchange - Streaming Server
  • Avaya Meeting Exchange - Web Conferencing Server
  • Avaya Meeting Exchange - Webportal
  • Avaya Messaging Application Server 4
  • Avaya Messaging Application Server 5
  • Avaya Messaging Application Server MM 1.1
  • Avaya Messaging Application Server MM 2.0
  • Avaya Messaging Application Server MM 3.0
  • Avaya Messaging Application Server MM 3.1
  • Avaya Messaging Application Server
  • Microsoft VBScript 5.1
  • Microsoft VBScript 5.6
  • Microsoft VBScript 5.7
  • Microsoft VBScript 5.8

References

  • BugTraq: 38463
  • CVE: CVE-2010-0483

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.