Microsoft has published a blog entry in which they state that they are investigating issue that could allow an attacker to could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.
The issue in question involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These are file types that are designed to invoke automatic actions during normal use of the files.
According to Microsoft, users running Windows 7, Windows Server 2008 R2, Windows Server 2008 and Windows Vista, are not affected by the issue.
There is not released a workaround solution for affected systems yet. Microsoft has promised to provide new information when it becomes available.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment