| Vulnerability Name: | CVE-2005-2117 (CCN-22479) | ||||||||
| Assigned: | 2005-10-11 | ||||||||
| Published: | 2005-10-11 | ||||||||
| Updated: | 2018-10-12 | ||||||||
| Summary: | Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code. | ||||||||
| CVSS v3 Severity: | 5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Gain Access | ||||||||
| References: | Source: MITRE Type: CNA CVE-2005-2117 Source: CCN Type: SA17168 Microsoft Windows Shell and Web View Three Vulnerabilities Source: SECUNIA Type: UNKNOWN 17168 Source: CCN Type: SA17172 Avaya Various Products Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17172 Source: CCN Type: SA17223 Nortel Centrex IP Client Manager Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 17223 Source: CONFIRM Type: UNKNOWN http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf Source: CCN Type: Microsoft Security Bulletin MS05-049 Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) Source: BID Type: UNKNOWN 15064 Source: CCN Type: BID-15064 Microsoft Windows Explorer Web View Script Injection Vulnerability Source: CERT Type: US Government Resource TA05-284A Source: MS Type: UNKNOWN MS05-049 Source: XF Type: UNKNOWN Win-html-preview-execute-code(22479) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:1291 | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| Oval Definitions | |||||||||
| |||||||||
| BACK | |||||||||