Unrated severityNVD Advisory· Published Mar 3, 2010· Updated Jun 16, 2026
CVE-2010-0483
CVE-2010-0483
Description
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
20- isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txtnvdExploit
- isec.pl/vulnerabilities10.htmlnvdExploit
- www.securityfocus.com/bid/38463nvdExploit
- www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rbnvdExploit
- blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspxnvdVendor Advisory
- blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspxnvdVendor Advisory
- blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspxnvdVendor Advisory
- secunia.com/advisories/38727nvdVendor Advisory
- www.microsoft.com/technet/security/advisory/981169.mspxnvdVendor Advisory
- www.vupen.com/english/advisories/2010/0485nvdVendor Advisory
- www.kb.cert.org/vuls/id/612021nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA10-103A.htmlnvdUS Government Resource
- securitytracker.com/idnvd
- www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risknvd
- www.osvdb.org/62632nvd
- www.theregister.co.uk/2010/03/01/ie_code_execution_bug/nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/56558nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654nvd
News mentions
0No linked articles in our index yet.