SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   OS (Microsoft)  >   Windows Explorer Vendors:   Microsoft
(Vendor Issues Fix) Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code
SecurityTracker Alert ID:  1013929
SecurityTracker URL:  http://securitytracker.com/id/1013929
CVE Reference:   CVE-2005-1191   (Links to External Site)
Date:  May 10 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2000
Description:   A vulnerability was reported in Microsoft Windows Explorer in 'webvw.dll'. A remote user can cause arbitrary scripting code to be executed when a file is selected in Windows Explorer.

The Web View preview pane does not properly filter a document author's name when displaying the name. In addition, names that resemble an e-mail address are converted into a 'mailto:' HTML link.

A remote user can create a document with a specially crafted author name that contains arbitrary scripting code. When the target user selects the file via Windows Explorer when in the Web View mode, the scripting code will be executed on the target user's system. The file itself does not need to be executed.

The scripting code will run in the Local Computer zone.

Windows classic folders are not affected.

A demonstration exploit author field value is provided:

a@b' style='background-image:url(javascript:alert("Successful injection!"))'

Some demonstration exploit examples are available at:

http://security.greymagic.com/security/advisories/gm015-ie/

The original advisory is available at:

http://www.greymagic.com/security/advisories/gm015-ie/

GreyMagic Security reported this vulnerability.

Impact:   A remote user can create a file that, when selected (but not necessarily executed) in Windows Explorer in Web View mode, will execute arbitrary scripting code in the Local Computer zone.
Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=67581D32-743F-44FF-9B53-30277C196923

A restart is required after applying this patch.

Vendor URL:  www.microsoft.com/technet/security/Bulletin/MS05-024.mspx (Links to External Site)
Cause:   Input validation error

Message History:   This archive entry is a follow-up to the message listed below.
Apr 19 2005 Microsoft Windows Explorer 'webvw.dll' Input Validation Error Lets Remote Users Execute Arbitrary Scripting Code



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC