Windows Explorer is vulnerable to script injection via the Web View DLL. Exploitation of this vulnerability may lead to execution of arbitrary code.
Windows Explorer uses the Web View DLL (webvw.dll) to display information about a selected file/folder (file size, author, version, creation date, etc.) within an HTML based preview pane. A vulnerable situation may arise when the webvw.dll is supplied a specially crafted author name embedded in the metadata of a file/folder. If the author name resembles an email address, the webvw.dll will create an email hyperlink to display in the preview pane. Please note that the preview pane and web view is enabled by default. Any application that uses webvw.dll may be vulnerable.
This issue affects Windows Explorer on the following platforms:
For a full list of affected platforms, please reference Microsoft Security Bulletin MS05-024.
If a remote attacker can persuade a user to select a specially crafted file with Windows Explorer, that attacker may be able to execute arbitrary code with the privileges of the compromised user.
Microsoft has released a patch in Security Bulletin MS05-024 to address this issue.
This vulnerability was reported in a GreyMagic security advisory and is resolved by Microsoft Security Bulletin MS05-024
|Date First Published:||2005-05-10|
|Date Last Updated:||2005-05-13 16:43 UTC|