[ Thanks to E5Rebel
for this link. ]
“Microsoft has warned Windows XP users not to press the
F1 key when prompted by a website, as part of its reaction to an
unpatched vulnerability that hackers could exploit to hijack PCs
running Internet Explorer (IE).“In a security advisory issued on Monday, Microsoft confirmed
the unpatched bug in VBScript that Polish researcher Maurycy
Prodeus had revealed on Friday, offered more information on the
flaw and provided some advice on how to protect PCs until a patch
shipped.“”The vulnerability exists in the way that VBScript interacts
with Windows Help files when using Internet Explorer,” read the
advisory. “If a malicious website displayed a specially crafted
dialog box and a user pressed the F1 key, arbitrary code could be
executed in the security context of the currently logged-on
user.””