Windows Explorer Web View DLL Vulnerability in Windows 2000
CVE-2005-1191

Currently unrated

Key Information:

Vendor

Microsoft
Status
Windows 2000
Windows 98se
Windows Me
Windows 98
Vendor
CVE Published:
2 May 2005

What is CVE-2005-1191?

The Web View DLL, utilized by Windows Explorer on Windows 2000 systems, contains a flaw where it fails to correctly filter an apostrophe in the author name of documents. This defect can be exploited by attackers to execute arbitrary scripts when a mailto: link is constructed for the preview pane in Windows Explorer. By selecting a file with a specially crafted author name, an attacker could leverage the vulnerability to manipulate how scripts are executed, potentially leading to unauthorized actions on the user’s system.

References

http://www.securityfocus.com/archive/1/396224
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/13248
vdb-entryx_refsource_BID
http://www.vupen.com/english/advisories/2005/0509
vdb-entryx_refsource_VUPEN

EPSS Score

30% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.