Abhijit Kulkarni blogged yesterday about the .HLP vulnerability in Windows XP. See the details below in his blog. I observed that Microsoft has rated this vulnerability as “Medium risk” as it needs user intervention. We are monitoring for any malicious exploitation of this vulnerability by malware.
I see no reason why this vulnerability will not be exploited and hence recommend that all our users avoid pressing F1 in Windows XP when using the browser. If a website is showing a prompt or asking users to press F1 to perform a certain activity, there may be a chance that the website is infected by malware exploiting this vulnerability.
If anybody comes across such a website which is asking users to press F1 repeatedly, please report it to us on viruslab at quickheal dot com.