Back to search
CVE-2005-1191
Published: Apr 19, 2005
Modified: Aug 7, 2024
PUBLISHED
Description
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20050419 File Selection May Lead to Command Execution (GM#015-IE)
mailing-list
x_refsource_BUGTRAQ
13248
vdb-entry
x_refsource_BID
ADV-2005-0509
vdb-entry
x_refsource_VUPEN
windows-web-view-command-execution(20380)
vdb-entry
x_refsource_XF
http://security.greymagic.com/security/advisories/gm015-ie
x_refsource_MISC
MS05-024
vendor-advisory
x_refsource_MS
oval:org.mitre.oval:def:3585
vdb-entry
signature
x_refsource_OVAL
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now