Oval Definition:	oval:org.mitre.oval:def:3585
Revision Date: 2011-05-16 Version: 46 Title: Web View Remote Code Execution Vulnerability Description: The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file. Family: windows Class: vulnerability Status: ACCEPTED Reference(s): CVE-2005-1191 Platform(s): Microsoft Windows 2000 Product(s): Windows Explorer Definition Synopsis Software section Windows 2000 (sp4 or earlier) is installed Windows 2000 is installed AND NOT Win2K/XP/2003 service pack 5 (or later) is installed AND the version of webvw.dll is less than 5.0.3900.7036 AND NOT the patch KB894320 is installed AND Configuration section Webview is Enabled
BACK