CVE-2005-2117

Properties

Published:
20.10.2005
Updated:
28.08.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:L/AC:H/Au:NR/C:P/I:P/A:P/B:N) Approximated
    Product:
    Microsoft: Windows Explorer
    Microsoft: Windows XP

    Vulnerability description

    Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.

    References:

    MS: http://www.microsoft.com/technet/security/bulletin/ms05-049.mspx
    CERT: http://www.us-cert.gov/cas/techalerts/TA05-284A.html
    Secunia: http://secunia.com/advisories/15017/
    OVAL: http://oval.mitre.org/oval/definitions/data/oval1291.html
    BID: http://www.securityfocus.com/bid/15064
    SECUNIA: http://secunia.com/advisories/17168
    http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf: http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
    SECUNIA: http://secunia.com/advisories/17172
    SECUNIA: http://secunia.com/advisories/17223