1. Summary

The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer. If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user.

2. Affected Software

 - Microsoft Internet Explorer 7.0.5730 .11
 - Microsoft Internet Explorer 8 RC1
 - Microsoft Internet Explorer 8
 - Microsoft Internet Explorer 7.0
 - Microsoft Internet Explorer 6.0 SP1
 - Microsoft Internet Explorer 6.0

3. Solution

Currently, the security update for this vulnerability has not been released, thus please do not visit the untrusted websites and access to Windows help file.

** How to restrict/cancel the access to Windows help file from the command Window. 

 - Command for restriction: echo Y | cacls "%windir%\winhlp32.exe" /E /P everyone:N
 - Command for cancellation: echo Y | cacls "%windir%\winhlp32.exe" /E /R everyone
 - You shouldn't press key [F1] on using Internet Explorer.

By setting JavaScript to be disabled, user can encounter against the vulnerability temporarily untill security update release. (In case of setting JavaScript to be disabled, sites may not be worked properly.)

 - Internet Explorer>Tools>Internet Options>Security>Internet>Custom level>Set disable for "Active Scripting"

4. Link

http://www.microsoft.com/technet/security/advisory/981169.mspx