Microsoft Windows Explorer vulnerable to script injection via the Web View DLL

Overview Windows Explorer is vulnerable to script injection via the Web View DLL. Exploitation of this vulnerability may lead to execution of arbitrary code. Description Windows Explorer uses the Web View DLL webvw.dll to display information about a selected file/folder file size, author, version...

CVE-2005-1191

The Web View DLL webvw.dll, as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe "'" in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when t...

CVE-2005-1191

The Web View DLL webvw.dll, as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe "'" in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when t...

CVE-2005-1191

Summary : CVE-2005-1191 affects the Web View DLL (webvw.dll) used by Windows Explorer on Windows 2000. The flaw arises from insufficient validation of the Author field in file metadata, allowing an attacker to craft a name that, when Web View creates a mailto: link in the preview pane, results in...