Microsoft Windows Web View command execution
| windows-web-view-command-execution (20380) |  High Risk |
Description:
Microsoft Window could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in Web View when handling various HTML characters within preview fields. If a remote attacker persuades a user to preview a malicious file, the attacker could execute arbitrary code within the context of the victim and gain complete control over the targeted system. An attacker could use this vulnerability to view, change, delete or create new accounts with user privileges.
Platforms Affected:
- Microsoft, Windows 2000 SP4
- Microsoft, Windows 2000 SP3
- Microsoft, Windows 98
- Microsoft, Windows 98SE
- Microsoft, Windows Me
Remedy:
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS05-024. See References.
For Windows 2000:
Apply the appropriate patch for your system, as listed in the Microsoft Security Bulletin MS05-049. See References.
Note: Microsoft originally provided a patch for this vulnerability in MS05-024, but it was superseded by the patch released with MS05-049.
Consequences:
Gain Access
References:
- CIAC INFORMATION BULLETIN P-202, Web View in Windows Explorer Vulnerability at http://www.ciac.org/ciac/bulletins/p-202.shtml.
- GreyMagic Security Advisory GM#015-IE, File Selection May Lead to Command Execution. at http://www.greymagic.com/security/advisories/gm015-ie/.
- Microsoft Security Bulletin MS05-024, Vulnerability in Web View Could Allow Remote Code Execution (894320) at http://www.microsoft.com/technet/security/Bulletin/MS05-024.mspx.
- Microsoft Security Bulletin MS05-049, Vulnerabilities in Windows Shell Could Allow Remote Code Execution (900725) at http://www.microsoft.com/technet/security/bulletin/ms05-049.mspx.
- BID-13248: Microsoft Windows Explorer Preview Pane Script Injection Vulnerability
- CVE-2005-1191: The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe () in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.
- FrSIRT/ADV-2005-0509: Microsoft Windows 2000 Web View Vulnerability (MS05-024)
- US-CERT VU#668916: Microsoft Windows Explorer vulnerable to script injection via the Web View DLL
Reported:
May 10, 2005
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net