Software giant Microsoft has issued a warning about an unpatched vulnerability in XP machines running Internet Explorer.
According to Techworld, the flaw is present in all versions of Internet Explorer and on all operating systems up to Windows XP SP3. It consists of a bug in VBScript that could enable hackers to inject a PC with malware.
The analyst who discovered the flaw said that attackers could exploit a PC by disguising malware as a Windows help file with a .hlp extension, which then attempts to lure users in to hitting the F1 key. Once this is done, the malware infects the victims system.
"I would say the vulnerability is 'high severity," said security researcher Cesar Cerrudo told Techworld. "It's not critical since it needs user interaction, the user pressing F1 key when a message dialog is displayed.
“I would say that there is a high probability a regular user will press F1 key if asked, since an attacker can annoy the user with hundred of messages telling the user to press F1 to continue."
Advertisement
Related Stories
- Daily deals websites get the Apprentice treatment May 23rd 2012 at 9:58PM
- Google Chrome takes most popular browser crown from IE May 22nd 2012 at 1:33PM
- Have your say: Does your business listen to complaints on Twitter? May 21st 2012 at 10:56AM
- Google introduces Knowledge Graph for more intelligent search May 17th 2012 at 10:55AM
- Twitter reaches 10-million user milestone in the UK May 16th 2012 at 2:33PM
- SOCA hit by cyber attack May 3rd 2012 at 4:45PM
- Follow the PCR Retail Boot Camp news on Twitter May 1st 2012 at 11:05AM
- Google chief warns of threat to the free web Apr 16th 2012 at 8:56AM
- Scientists warn of inbound solar flares Mar 8th 2012 at 12:51PM
- Groupon complaints pile up Feb 29th 2012 at 9:05AM
