PT-2010-2244 · Microsoft · Winhlp32.Exe+2

Published: 2010-03-03 · Updated: 2019-02-26 · CVE-2010-0483

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: VBScript versions 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows

Description: The issue allows user-assisted remote attackers to execute arbitrary code by referencing a local pathname, UNC share pathname, or WebDAV server with a crafted .hlp file in the fourth argument (aka the helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed.

Recommendations: For VBScript versions 5.1, 5.6, 5.7, and 5.8, consider disabling the MsgBox function until a patch is available. Restrict access to winhlp32.exe to minimize the risk of exploitation. Avoid using the helpfile argument in the MsgBox function until the issue is resolved.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2010-0483

Affected Products

Vbscript
Windows
Winhlp32.Exe