Vulnerability Name:

CVE-2010-0483 (CCN-56558)

Assigned:2010-02-26
Published:2010-02-26
Updated:2019-02-26
Summary:vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:7.6 High (CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
5.6 Medium (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-94
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: The Microsoft Security Response Center (MSRC)
Investigating a new win32hlp and Internet Explorer issue

Source: CONFIRM
Type: Vendor Advisory
http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx

Source: CONFIRM
Type: Vendor Advisory
http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx

Source: CONFIRM
Type: Vendor Advisory
http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx

Source: MITRE
Type: CNA
CVE-2010-0483

Source: MISC
Type: Exploit
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt

Source: MISC
Type: Exploit
http://isec.pl/vulnerabilities10.html

Source: CCN
Type: SA38727
Microsoft Windows "MsgBox()" HLP File Execution Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38727

Source: CCN
Type: SECTRACK ID: 1023668
Windows VBScript Script Engine Flaw in Processing Windows Help Files Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1023668

Source: CCN
Type: Microsoft Security Bulletin MS12-056
Vulnerability in JScript and VBScript Engines Could Allow Remote Code Execution (2706045)

Source: MISC
Type: UNKNOWN
http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk

Source: CCN
Type: iSEC Security Research
It is possible to invoke winhlp32.exe from Internet Explorer 8,7,6 using VBScript

Source: CCN
Type: US-CERT VU#612021
Internet Explorer VBScript Windows Help arbitrary code execution

Source: CERT-VN
Type: US Government Resource
VU#612021

Source: CCN
Type: Microsoft Security Advisory (981169)
Vulnerability in VBScript Could Allow Remote Code Execution

Source: CONFIRM
Type: Vendor Advisory
http://www.microsoft.com/technet/security/advisory/981169.mspx

Source: CCN
Type: Microsoft Security Bulletin MS10-022
Vulnerabilities in VBScript Could Allow Remote Code Execution (981169)

Source: CCN
Type: Microsoft Security Bulletin MS11-009
Vulnerability in JScript and VBScript Scripting Engines Could Allow Information Disclosure (2475792)

Source: CCN
Type: Microsoft Security Bulletin MS11-031
Vulnerability in JScript and VBScript Scripting Engines Could Allow Remote Code Execution (2514666)

Source: OSVDB
Type: UNKNOWN
62632

Source: CCN
Type: OSVDB ID: 62632
Microsoft Windows VBScript MsgBox() Function HLP File Arbitrary Command Execution

Source: BID
Type: Exploit
38463

Source: CCN
Type: BID-38463
Microsoft VBScript 'winhlp32.exe' 'MsgBox()' Remote Code Execution Vulnerability

Source: CCN
Type: BID-38473
Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Stack-Based Buffer Overflow Vulnerability

Source: MISC
Type: UNKNOWN
http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/

Source: CERT
Type: US Government Resource
TA10-103A

Source: VUPEN
Type: Vendor Advisory
ADV-2010-0485

Source: MS
Type: UNKNOWN
MS10-022

Source: XF
Type: UNKNOWN
ms-win-msgbox-code-execution(56558)

Source: XF
Type: UNKNOWN
ms-win-msgbox-code-execution(56558)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:7170

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:8654

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [03-02-2010]

Source: MISC
Type: Exploit
https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb

Vulnerable Configuration:Configuration 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*
  • OR cpe:/o:microsoft:windows_xp::sp2:x64:*:professional:*:*:*
  • OR cpe:/a:microsoft:vbscript:5.6:*:*:*:*:*:*:*
  • OR cpe:/o:microsoft:windows:xp:sp3:*:*:*:*:*:*
  • OR cpe:/a:microsoft:vbscript:5.7:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:vbscript:5.8:*:*:*:*:*:*:*
  • AND
  • cpe:/a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
  • OR cpe:/a:microsoft:ie:8.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:7170
    V
    		VBScript Help Keypress Vulnerability
    2015-08-10
    BACK
    microsoft windows 2000 * sp4
    microsoft windows 2003 server * sp2
    microsoft windows 2003 server * sp2
    microsoft windows server 2003 * sp2
    microsoft windows xp * sp2
    microsoft windows xp * sp3
    microsoft windows xp - sp2
    microsoft internet explorer 6
    microsoft internet explorer 7
    microsoft internet explorer 8
    microsoft windows 2000 * sp4
    microsoft windows xp sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows server_2003 sp2
    microsoft windows xp sp2
    microsoft vbscript 5.6
    microsoft windows xp sp3
    microsoft vbscript 5.7
    microsoft vbscript 5.8
    microsoft ie 6.0
    microsoft ie 7.0
    microsoft ie 8.0