Vulnerability CVE-2004-1319


Published: 2004-12-15   Modified: 2012-02-12

Description:
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Type:

CWE-Other

CVSS2 => (AV:N/AC:L/Au:N/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None
Affected software
Nortel -> Ip softphone 2050 
Nortel -> Mobile voice client 2050 
Nortel -> Optivity telephony manager 
Microsoft -> Windows 2000 
Microsoft -> Windows 2003 server 
Microsoft -> Windows 98 
Microsoft -> Windows 98se 
Microsoft -> Windows me 
Microsoft -> Windows xp 

 References:
http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
http://www.kb.cert.org/vuls/id/356600
http://www.securityfocus.com/bid/11950
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758

Copyright 2024, cxsecurity.com

 

Back to Top