CVE-2005-1191

CVE Database · CVE-2005-1191

CVE-2005-1191

· N/AModified

CVSS v3.1

N/A

EPSS

17.11%

Published

May 2, 2005

Modified

Apr 15, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Windows 98/2000 Explorer - Preview Pane Script Injection TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

Affected Products (8)

microsoft · windows_2000vulnerable

microsoft · windows_98vulnerable

microsoft · windows_98sevulnerable

microsoft · windows_mevulnerable

References (14)

http://security.greymagic.com/security/advisories/gm015-ie

ExploitPatch

http://www.securityfocus.com/archive/1/396224

Exploit

http://www.securityfocus.com/bid/13248

ExploitPatchVendor Advisory

http://www.vupen.com/english/advisories/2005/0509

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-024

https://exchange.xforce.ibmcloud.com/vulnerabilities/20380

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3585

http://security.greymagic.com/security/advisories/gm015-ie

KEV Catalog EPSS Scores Vendors All CVEs