The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows malicious users to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2000 |
||
microsoft windows 98 |
||
microsoft windows 98se |
||
microsoft windows me |