Oval Definition:oval:org.mitre.oval:def:3585
Revision Date:2011-05-16Version:46
Title:Web View Remote Code Execution Vulnerability
Description:The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-1191
Platform(s):Microsoft Windows 2000
Product(s):Windows Explorer
Definition Synopsis
  • Software section
  • Windows 2000 (sp4 or earlier) is installed
  • Windows 2000 is installed
  • AND NOT Win2K/XP/2003 service pack 5 (or later) is installed
  • AND the version of webvw.dll is less than 5.0.3900.7036
  • AND NOT the patch KB894320 is installed
  • AND Configuration section
  • Webview is Enabled
  • BACK