Microsoft Windows 2000 Service Pack 4 and prior contain a vulnerability within the Windows Explorer preview pane (Web view) that can allow a remote attacker to execute arbitrary HTML or script code. The vulnerability requires that a malicious file be placed on the system.
Windows Explorer is configured by default to display metadata about a file within the preview pane. An error exists in the library used to examine the metadata of the currently selected file. If the author name resembles an e-mail address, a mailto: link is created from this information and presented to the user as the author information. The library fails to filter malicious characters and character sequences during the transformation. An attacker who can place a file on the system could cause arbitrary HTML or script code to be executed when the file is selected. The file does not need to be double-clicked, only selected. An attacker could use this issue to execute arbitrary script on the system with the privileges of the current user in the unrestricted zone.
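The class of defect described above, as an added example that is not taken from this advisory and is not Microsoft's code: a renderer that turns an author field into a mailto: link by concatenation, beside a hardened form that validates the whole value and escapes it on output. All function names, the e-mail patterns and the sample values are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not the Windows library's code.

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Loose check in the spirit of "resembles an e-mail address" (assumed).
function resemblesEmail(s) {
  return /\S+@\S+\.\S+/.test(s);
}

// Unsafe pattern: file metadata is concatenated into markup unchanged.
function renderAuthorUnsafe(author) {
  if (resemblesEmail(author)) {
    return '<a href="mailto:' + author + '">' + author + "</a>";
  }
  return author;
}

// Conservative whole-string address check: anchored, fixed character set.
const STRICT_EMAIL = /^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$/;

// Hardened form: the value is always escaped for display, and a link is
// built only when the entire field is a plain address.
function renderAuthorSafe(author) {
  const text = escapeHtml(author);
  if (!STRICT_EMAIL.test(author)) {
    return text; // shown as inert text, never as markup
  }
  const href = encodeURIComponent(author).replace(/%40/g, "@");
  return '<a href="mailto:' + href + '">' + text + "</a>";
}

// Constructed sample metadata values (not from any real file).
const SAMPLES = ["Jane Doe", "jane@example.com", 'x@example.com"><b>injected</b>'];

function demo() {
  return SAMPLES.map((author) => ({
    author,
    unsafe: renderAuthorUnsafe(author),
    safe: renderAuthorSafe(author),
  }));
}

console.log(demo());
```

The third sample passes the loose check, so the unsafe renderer emits its markup verbatim, while the hardened renderer returns it as escaped text with no link.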
Exploit code is available to demonstrate the vulnerability.
Patches are unavailable.