Unrated severityNVD Advisory· Published Mar 3, 2010· Updated Apr 29, 2026
CVE-2010-0483
CVE-2010-0483
Description
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
Affected products
7- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
20- isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txtnvdExploit
- isec.pl/vulnerabilities10.htmlnvdExploit
- www.securityfocus.com/bid/38463nvdExploit
- www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rbnvdExploit
- blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspxnvdVendor Advisory
- blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspxnvdVendor Advisory
- blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspxnvdVendor Advisory
- secunia.com/advisories/38727nvdVendor Advisory
- www.microsoft.com/technet/security/advisory/981169.mspxnvdVendor Advisory
- www.vupen.com/english/advisories/2010/0485nvdVendor Advisory
- www.kb.cert.org/vuls/id/612021nvdUS Government Resource
- www.us-cert.gov/cas/techalerts/TA10-103A.htmlnvdUS Government Resource
- securitytracker.com/idnvd
- www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risknvd
- www.osvdb.org/62632nvd
- www.theregister.co.uk/2010/03/01/ie_code_execution_bug/nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/56558nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654nvd
News mentions
0No linked articles in our index yet.