Security researcher Maurycy Prodeus of the Polish company iSEC Security Research has publicly disclosed the vulnerability along with exploit code. According to Mr. Prodeus, hackers can exploit the bug to "inject" malicious code onto the victim's PC. Users running IE7 and IE8 are at risk.
Microsoft noted that it already knows about this case. "Microsoft is investigating the claims of the community on new vulnerabilities in the use of VBScript and Windows Help files in Internet Explorer," said Jerry Bryant, director of the MSRC (Microsoft Security Response Center). "According to a survey today, the Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2 operating systems are not affected. Microsoft also has evidence showing that the error was exploited."
Mr. Prodeus calls this a "logical flaw" and said hackers could exploit it by "pushing" a malicious file (disguised as a ".hlp" Windows Help file) to the user, then persuading them to press F1 when a pop-up appears. He rates the vulnerability as medium risk because it requires user interaction.
Another security researcher, Cesar Cerrudo, head of the company Argeniss Information Security (Argentina), confirmed Prodeus's discovery and said that Prodeus's attack code succeeds because it abuses the VBScript function "MsgBox()".
While waiting for a patch from Microsoft, Windows XP users should protect themselves by blocking TCP port 445 or by no longer using IE.


