Test ID:	1.3.6.1.4.1.25623.1.0.902159
Category:	Windows : Microsoft Bulletins
Title:	Microsoft VBScript Scripting Engine Remote Code Execution Vulnerability (980232)
Summary:	Check for the vulnerable 'Vbscript.dll' file version
Description:	Overview: This host is missing a critical security update according to Microsoft Bulletin MS10-022. Vulnerability Insight: The flaw exists in the way 'VBScript' interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, it allows arbitrary code to be executed in the security context of the currently logged-on user. Impact: Successful exploitation could allow remote attackers to crash an affected system or execute arbitrary code by tricking a user into visiting a specially crafted web page. Impact Level: System Affected Software/OS: Micorsoft Windows 7 Microsoft Windows 2000 Service Pack 4 and prior Microsoft Windows XP Service Pack 3 and prior Microsoft Windows 2003 Service Pack 2 and prior Microsoft Windows Vista Service Pack 1/2 and prior. Microsoft Windows Server 2008 Service Pack 1/2 and prior. Fix: Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx References: http://securitytracker.com/alerts/2010/Mar/1023668.html http://www.microsoft.com/technet/security/advisory/981169.mspx http://www.microsoft.com/technet/security/bulletin/ms10-022.mspx
Cross-Ref:	BugTraq ID: 38463 Common Vulnerability Exposure (CVE) ID: CVE-2010-0483 http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt http://isec.pl/vulnerabilities10.html http://www.computerworld.com/s/article/9163298/New_zero_day_involves_IE_puts_Windows_XP_users_at_risk http://www.theregister.co.uk/2010/03/01/ie_code_execution_bug/ https://www.metasploit.com/svn/framework3/trunk/modules/exploits/windows/browser/ie_winhlp32.rb Microsoft Security Bulletin: MS10-022 http://www.microsoft.com/technet/security/Bulletin/MS10-022.mspx Cert/CC Advisory: TA10-103A http://www.us-cert.gov/cas/techalerts/TA10-103A.html CERT/CC vulnerability note: VU#612021 http://www.kb.cert.org/vuls/id/612021 http://www.securityfocus.com/bid/38463 http://www.osvdb.org/62632 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7170 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8654 http://securitytracker.com/id?1023668 http://secunia.com/advisories/38727 http://www.vupen.com/english/advisories/2010/0485 XForce ISS Database: ms-win-msgbox-code-execution(56558) http://xforce.iss.net/xforce/xfdb/56558
Copyright	Copyright (C) 2010 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: