1. CVE-Search
  2. CVE-2005-2117
ID CVE-2005-2117
Summary Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:windows_explorer:*:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:windows_explorer:*:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
    cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
  • cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
  • cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
    cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
CVSS
Base: 5.1 (as of 12-10-2018 - 21:37)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
oval via4
accepted 2011-05-16T04:00:47.926-04:00
class vulnerability
contributors
  • name Robert L. Hollis
    organization ThreatGuard, Inc.
  • name John Hoyland
    organization Centennial Software
  • name Shane Shaffer
    organization G2, Inc.
  • name Sudhir Gandhe
    organization Telos
  • name Shane Shaffer
    organization G2, Inc.
description Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
family windows
id oval:org.mitre.oval:def:1291
status accepted
submitted 2005-10-12T12:00:00.000-04:00
title Windows Explorer Web View Script Injection Vulnerability
version 69
refmap via4
bid 15064
cert TA05-284A
confirm http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
secunia
  • 17168
  • 17172
  • 17223
Last major update 12-10-2018 - 21:37
Published 21-10-2005 - 18:02
Last modified 12-10-2018 - 21:37
Back to Top