oval:org.mitre.oval:def:3585

Definition Id: oval:org.mitre.oval:def:3585

Oval ID:	oval:org.mitre.oval:def:3585
Title:	Web View Remote Code Execution Vulnerability
Description:	The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2005-1191	Version:	6
Platform(s):	Microsoft Windows 2000	Product(s):	Windows Explorer
Definition Synopsis:
Software section Windows 2000 (sp4 or earlier) is installed Windows 2000 is installed AND NOT Win2K/XP/2003 service pack 5 (or later) is installed AND the version of webvw.dll is less than 5.0.3900.7036 AND NOT the patch KB894320 is installed AND Configuration section Webview is Enabled