Lucene search

[email protected]NVD:CVE-2005-1191

HistoryMay 02, 2005 - 4:00 a.m.

CVE-2005-1191

2005-05-0204:00:00

[email protected]

web.nvd.nist.gov

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.235 Low

EPSS

Percentile

96.6%

JSON

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe (“'”) in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

Affected configurations

NVD

Node

microsoftwindows_2000

microsoftwindows_2000sp1

microsoftwindows_2000sp2

microsoftwindows_2000sp3

microsoftwindows_2000sp4

microsoftwindows_98gold

microsoftwindows_98se

microsoftwindows_me

References

security.greymagic.com/security/advisories/gm015-ie

www.securityfocus.com/archive/1/396224

www.securityfocus.com/bid/13248

www.vupen.com/english/advisories/2005/0509

docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024

exchange.xforce.ibmcloud.com/vulnerabilities/20380

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

7.1 High

AI Score

Confidence

High

0.235 Low

EPSS

Percentile

96.6%

JSON

Related for NVD:CVE-2005-1191

cve1 cvelist1 checkpoint_advisories1 nessus1 cert1