CVE-2004-1319
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/12/2004
Last modified:
03/04/2025
Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:* | ||
| cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:* | ||
| cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
- http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
- http://secunia.com/advisories/13482/
- http://www.kb.cert.org/vuls/id/356600
- http://www.securityfocus.com/bid/11950
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758
- http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
- http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
- http://secunia.com/advisories/13482/
- http://www.kb.cert.org/vuls/id/356600
- http://www.securityfocus.com/bid/11950
- http://www.us-cert.gov/cas/techalerts/TA05-039A.html
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758