Vulnerability Description
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Windows 2000 | All versions |
| Microsoft | Windows 98 | All versions |
| Microsoft | Windows 98Se | All versions |
| Microsoft | Windows Me | All versions |
References
- http://security.greymagic.com/security/advisories/gm015-ieExploitPatch
- http://www.securityfocus.com/archive/1/396224Exploit
- http://www.securityfocus.com/bid/13248ExploitPatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/0509
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://security.greymagic.com/security/advisories/gm015-ieExploitPatch
- http://www.securityfocus.com/archive/1/396224Exploit
- http://www.securityfocus.com/bid/13248ExploitPatchVendor Advisory
- http://www.vupen.com/english/advisories/2005/0509
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-02
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20380
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-1191?
CVE-2005-1191 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbi...
How severe is CVE-2005-1191?
CVE-2005-1191 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1191?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Windows 2000, Microsoft Windows 98, Microsoft Windows 98Se, Microsoft Windows Me.