Beware Windows XP's F1 Help Bug
iSEC Security Research has disclosed and Microsoft has confirmed a vulnerability in Internet Explorer versions 6, 7 and 8 that could allow remote code execution. Only Windows XP is vulnerable.
According to the advisory from iSEC, the attacker needs to elicit some cooperation from the user: The attack pops up a Windows message box (a simple dialog box with a button) loaded with VBScript. If the user presses F1, IE will load an attacker-supplied .HLP file with winhlp32.exe. iSEC also notes a stack overflow vulnerability in winhlp32 that they could use.
Microsoft's description of the issue basically supports all the claims by iSEC and adds some more facts.
Full story: PC Magazine