Microsoft updates on 'VBScript and win32hlp in Internet Explorer issue'

Microsoft published a white paper on the issue that “involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These’re file types that’re designed to invoke automatic actions during normal use of the files. While […]

Microsoft published a white paper on the issue that “involves the use of VBScript and Windows Help files in Internet Explorer. Windows Help files are included in a long list of what we refer to as “unsafe file types”. These’re file types that’re designed to invoke automatic actions during normal use of the files. While they can be very valuable productivity tools, they can also be used by attackers to try and compromise a system.” “On Feb 26, an issue was posted publicly that could allow an attacker to host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box. We’ve determined that users running Windows 7, Windows Server 2008 R2, Windows Server 2008, and Windows Vista, aren’t affected by this issue,” reports MSRC.

Download: Understanding Executable Content in Microsoft Products (white paper)

Update: Microsoft released Security Advisory 981169