Vulnerability Details : CVE-2010-0483
Public exploit exists!
vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2010-0483
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0483
81.70%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 99 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2010-0483
-
MS10-022 Microsoft Internet Explorer Winhlp32.exe MsgBox Code Execution
Disclosure Date: 2010-02-26First seen: 2020-04-26exploit/windows/browser/ms10_022_ie_vbscript_winhlp32This module exploits a code execution vulnerability that occurs when a user presses F1 on MessageBox originated from VBscript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (
CVSS scores for CVE-2010-0483
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.6
|
HIGH | AV:N/AC:H/Au:N/C:C/I:C/A:C |
4.9
|
10.0
|
NIST |
CWE ids for CVE-2010-0483
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0483
-
https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb
Exploit
-
http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
Exploit
-
http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/
IE code execution bug can bite older Windows • The Register
-
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-022
Microsoft Security Bulletin MS10-022 - Important | Microsoft Docs
-
http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx
Page not found – Microsoft Security Response CenterVendor Advisory
-
http://www.vupen.com/english/advisories/2010/0485
Webmail | OVH- OVHVendor Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/56558
Microsoft Windows MsgBox() code execution CVE-2010-0483 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/612021
VU#612021 - Internet Explorer VBScript Windows Help arbitrary code executionUS Government Resource
-
http://secunia.com/advisories/38727
Sign inVendor Advisory
-
http://isec.pl/vulnerabilities10.html
404 Not FoundExploit
-
http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk
New zero-day involves IE, puts Windows XP users at risk | Computerworld
-
http://blogs.technet.com/srd/archive/2010/03/01/help-keypress-vulnerability-in-vbscript-enabling-remote-code-execution.aspx
Page not found – Microsoft Security Response CenterVendor Advisory
-
http://www.osvdb.org/62632
404 Not Found
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8654
Repository / Oval Repository
-
http://blogs.technet.com/msrc/archive/2010/03/01/security-advisory-981169-released.aspx
Page not found – Microsoft Security Response CenterVendor Advisory
-
http://www.securityfocus.com/bid/38463
Microsoft VBScript 'winhlp32.exe' 'MsgBox()' Remote Code Execution VulnerabilityExploit
-
http://securitytracker.com/id?1023668
Windows VBScript Script Engine Flaw in Processing Windows Help Files Lets Remote Users Execute Arbitrary Code - SecurityTracker
-
http://www.microsoft.com/technet/security/advisory/981169.mspx
Technical documentation, API, and code examples | Microsoft DocsVendor Advisory
-
http://www.us-cert.gov/cas/techalerts/TA10-103A.html
Alerts | CISAUS Government Resource
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7170
Repository / Oval Repository
Jump to