This Metasploit module exploits a code execution vulnerability that occurs when a user presses F1 on MessageBox originated from VBscript within a web page. When the user hits F1, the MessageBox help functionality will attempt to load and use a HLP file from an SMB or WebDAV (if the WebDAV redirector is enabled) server. This particular version of the exploit implements a WebDAV server that will serve HLP file as well as a payload EXE. During testing warnings about the payload EXE being unsigned were witnessed. A future version of this module might use other methods that do not create such a warning.
78422f19ea0d8bce6a74c02e6e26e1840301ad3c5fdd0f923caed537a2c47c13