CVE-2005-2117 Information

Description

Web View in Windows Explorer on Microsoft Windows 2000 SP4 XP SP1 and SP2 and Server 2003 does not properly handle certain HTML characters in preview fields which allows remote user-assisted attackers to execute arbitrary code.

Reference

http://secunia.com/advisories/17168 http://secunia.com/advisories/17172 http://secunia.com/advisories/17223 http://support.avaya.com/elmodocs2/security/ASA-2005-214.pdf http://www.securityfocus.com/bid/15064 http://www.us-cert.gov/cas/techalerts/TA05-284A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1291