InfoWorld: Microsoft has confirmed that it is investigating a VBScript flaw that puts Windows XP users running IE7 or IE8 at risk. The bug could allow hackers to put malware on users' systems, but only if they first convinced users to hit the F1 key.
"First an attacker needs to force a victim to visit a malicious Web page," explained Polish security analyst Maurycy Prodeus. "The victim must be using Windows XP [and] Internet Explorer. A bit of social engineering is required to persuade the victim to push F1 button when [a] VBScript pop-up is displayed."