CVE-2005-1191

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows 2000; Windows 98se; Windows Me; Windows 98
Vendor: CVE Published:; 2 May 2005

Summary

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

References

http://www.securityfocus.com/archive/1/396224

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/13248

vdb-entryx_refsource_BID

http://www.vupen.com/english/advisories/2005/0509

vdb-entryx_refsource_VUPEN

EPSS Score

3% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
May 2, 2005
Vulnerability Reserved
Apr 19, 2005

Collectors

NVD DatabaseMitre Database