NVD

Id
66940  
Name
CVE-2005-1191  
Description
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-07-18  
Published
2005-05-02  
Modified Date
2017-07-10  
Seq
2005-1191  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
347571 66940 CVE-2005-1191 oval:org.mitre.oval:def:3585  View
347572 66940 CVE-2005-1191 http://security.greymagic.com/security/advisories/gm015-ie  View
347573 66940 CVE-2005-1191 MS05-024  View
347574 66940 CVE-2005-1191 20050419 File Selection May Lead to Command Execution (GM#015-IE)  View
347575 66940 CVE-2005-1191 13248  View
347576 66940 CVE-2005-1191 ADV-2005-0509  View
347577 66940 CVE-2005-1191 windows-web-view-command-execution(20380)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
62075 JVNDB-2005-000277 Microsoft Windows の webvw.dll におけるスクリプトコードを挿入される脆弱性 Microsoft Windows に含まれている Web ビューライブラリ webvw.dll では、文書ファイルの作成者フィールドのサニタイズが不適切であるため、スクリプトコードを挿入可能である脆弱性が存在します。 CVE-2005-1191 12395 CVE-2005-1191 66940 5 http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000277.html 2005-04-20 2007-04-01 View