Vendor warns of help page vulnerability in Internet Explorer

Microsoft says ‘don’t press F1’

Software giant Microsoft has issued a warning about an unpatched vulnerability in XP machines running Internet Explorer.

According to Techworld, the flaw is present in all versions of Internet Explorer and on all operating systems up to Windows XP SP3. It consists of a bug in VBScript that could enable hackers to inject a PC with malware.

The analyst who discovered the flaw said that attackers could exploit a PC by disguising malware as a Windows help file with a .hlp extension and then luring users into hitting the F1 key. Once the key is pressed, the malware infects the victim's system.

"I would say the vulnerability is high severity," security researcher Cesar Cerrudo told Techworld. "It’s not critical since it needs user interaction, the user pressing F1 key when a message dialog is displayed.

"I would say that there is a high probability a regular user will press F1 key if asked, since an attacker can annoy the user with hundreds of messages telling the user to press F1 to continue."
