CVE-2005-1191

Name of the Vulnerable Software and Affected Versions Windows 2000

Description The issue arises from the Web View DLL (webvw.dll) in Windows Explorer, which fails to properly filter an apostrophe in the author name of a document. This allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane. The attack is triggered when the user selects the file.

Recommendations For Windows 2000, at the moment, there is no information about a newer version that contains a fix for this vulnerability.