The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
References
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:50
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html - Exploit, Vendor Advisory | |
References | () http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm - | |
References | () http://secunia.com/advisories/13482/ - Patch, Vendor Advisory | |
References | () http://www.kb.cert.org/vuls/id/356600 - Patch, Third Party Advisory, US Government Resource | |
References | () http://www.securityfocus.com/bid/11950 - Exploit, Patch, Vendor Advisory | |
References | () http://www.us-cert.gov/cas/techalerts/TA05-039A.html - Patch, Third Party Advisory, US Government Resource | |
References | () https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/18504 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851 - | |
References | () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758 - |
Information
Published : 2004-12-15 05:00
Updated : 2024-11-20 23:50
NVD link : CVE-2004-1319
Mitre link : CVE-2004-1319
CVE.ORG link : CVE-2004-1319
JSON object : View
Products Affected
microsoft
- windows_me
- windows_98
- windows_xp
- windows_98se
- windows_2000
- windows_2003_server
nortel
- mobile_voice_client_2050
- ip_softphone_2050
- optivity_telephony_manager
CWE