5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
7.2 High
AI Score
Confidence
High
0.839 High
EPSS
Percentile
98.5%
Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
microsoft:windows_explorer | microsoft windows explorer | eq | * |
secunia.com/advisories/17168
secunia.com/advisories/17172
secunia.com/advisories/17223
support.avaya.com/elmodocs2/security/ASA-2005-214.pdf
www.securityfocus.com/bid/15064
www.us-cert.gov/cas/techalerts/TA05-284A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1291