5

CVE-2005-1191

Exploit

EPSS 40.07%
Published 02.05.2005 04:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 10

Data is provided by the National Vulnerability Database (NVD)

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 2000 Updatesp1

Microsoft ≫ Windows 2000 Updatesp2

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 98 Updategold

Microsoft ≫ Windows 98se

Microsoft ≫ Windows Me

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	40.07%	0.972

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://security.greymagic.com/security/advisories/gm015-ie

Patch

Exploit

http://www.securityfocus.com/archive/1/396224

Exploit

http://www.securityfocus.com/bid/13248

Patch

Vendor Advisory

Exploit

http://www.vupen.com/english/advisories/2005/0509

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024

https://exchange.xforce.ibmcloud.com/vulnerabilities/20380

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585

https://nvd.nist.gov/vuln/detail/CVE-2005-1191

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-1191

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-1191

EUVD