Web View Remote Code Execution VulnerabilityID: oval:org.mitre.oval:def:3585 | Date: (C)2005-05-13 (M)2021-07-09 |
Class: VULNERABILITY | Family: windows |
The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
Platform: |
Microsoft Windows 2000 |