Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability

2005-04-19T00:00:00
ID EDB-ID:25454
Type exploitdb
Reporter GreyMagic Software
Modified 2005-04-19T00:00:00

Description

Microsoft Windows 98/2000 Explorer Preview Pane Script Injection Vulnerability. CVE-2005-1191. Remote exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/13248/info

Microsoft Windows Explorer is prone to a script injection vulnerability. This occurs when the Windows Explorer preview pane (Web View) is enabled on Windows 2000 computers. Windows 98/98SE/ME are also affected by this issue. If a file with malicious attributes is selected using Explorer, script code contained in the attribute fields may be executed with the privilege level of the user that invoked Explorer. This could be exploited to gain unauthorized access to the vulnerable computer in the context of the currently logged in user. 

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25454-1.doc

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25454-2.doc

https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/sploits/25454-3.doc