CVE-2005-2117
Description
A Windows Shell vulnerability in Web View preview fields allows remote code execution via crafted HTML.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A Windows Shell vulnerability in Web View preview fields allows remote code execution via crafted HTML.
Vulnerability
Web View in Windows Explorer on Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Windows Server 2003 (including SP1 and x64 editions) does not properly handle certain HTML characters in preview fields [1]. This remote code execution vulnerability, documented in MS05-049, can be triggered when a user visits a malicious web page or opens a specially crafted file that leverages the Web View functionality [1]. The preview pane in Explorer interprets crafted HTML content in a way that allows arbitrary code execution [1].
Exploitation
Exploitation requires user interaction, such as visiting a malicious website or opening a file that triggers Web View [1]. The attacker does not need authentication but must convince the user to perform an action that renders the crafted HTML in Windows Explorer's preview pane [1]. The vulnerability is remotely exploitable, but the attack vector is user-assisted [1].
Impact
Successful exploitation of this vulnerability allows an attacker to execute arbitrary code in the context of the logged-on user [1]. If the user has administrative privileges, the attacker could gain complete control of the affected system, install programs, view or modify data, and create new accounts with full rights [1]. The impact is remote code execution with the potential for full system compromise [1].
Mitigation
Microsoft released security update MS05-049 in October 2005 to address this vulnerability [1]. The update is available for all affected systems: Windows 2000 SP4, Windows XP SP1/SP2, Windows XP Professional x64 Edition, Windows Server 2003, and Windows Server 2003 for Itanium-based systems [1]. No workarounds are documented in the bulletin; applying the update is the recommended mitigation [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
7cpe:2.3:a:microsoft:windows_explorer:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:windows_explorer:*:*:*:*:*:*:*:*
- (no CPE)
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:fr:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_xp:*:sp1:tablet_pc:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Improper handling of certain HTML characters in Windows Explorer's Web View preview fields allows script injection."
Attack vector
An attacker crafts a malicious HTML file or email attachment containing specially encoded HTML characters in preview fields. When a user views a folder containing this file in Windows Explorer's Web View (the HTML-based preview pane), the browser control improperly interprets the malformed HTML characters, allowing script injection. This enables the attacker to execute arbitrary code in the security context of the logged-on user. User interaction is required — the victim must navigate to the folder containing the malicious file using Windows Explorer [ref_id=1].
Affected code
The vulnerability exists in the Web View feature of Windows Explorer on Microsoft Windows 2000 Service Pack 4, Windows XP Service Pack 1 and Service Pack 2, and Windows Server 2003. The advisory does not specify particular function names or file paths, but identifies the affected component as the HTML preview rendering logic within Windows Explorer's Web View pane [ref_id=1].
What the fix does
The security update modifies the way Windows Explorer's Web View handles HTML characters in preview fields, ensuring that certain HTML characters are properly escaped or filtered before being rendered. This prevents script injection by neutralizing the specially crafted characters that previously bypassed the preview pane's input handling. The advisory does not provide a source-code diff, but states that the update "modifies the way that Windows Explorer handles HTML characters in preview fields" [ref_id=1].
Preconditions
- configThe victim must be using Windows 2000 SP4 (the only affected version per the severity table)
- inputThe victim must navigate to a folder containing the malicious file using Windows Explorer's Web View
- inputThe attacker must deliver a file with specially crafted HTML characters in its preview fields (e.g., via email attachment or web download)
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- www.us-cert.gov/cas/techalerts/TA05-284A.htmlnvdUS Government Resource
- secunia.com/advisories/17168nvd
- secunia.com/advisories/17172nvd
- secunia.com/advisories/17223nvd
- support.avaya.com/elmodocs2/security/ASA-2005-214.pdfnvd
- www.securityfocus.com/bid/15064nvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-049nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1291nvd
News mentions
0No linked articles in our index yet.