Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-1191


Vulnerability Score 5.0 5.0
CVE Id CVE-2005-1191
Last Modified 07 Mar 2011 09:21:13
Published 02 May 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me


BID - 13248


XF - windows-web-view-command-execution(20380)

VUPEN - ADV-2005-0509

BUGTRAQ - 20050419 File Selection May Lead to Command Execution (GM#015-IE)

MS - MS05-024

Last Updated: 27 May 2016 10:40:04