CVE-2004-1319 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2004-1319
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1319

Description: The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/18504 SAID Secunia Advisory: SA13482 OVAL http://oval.mitre.org/oval/definitions/data/oval1701.html http://oval.mitre.org/oval/definitions/data/oval3464.html http://oval.mitre.org/oval/definitions/data/oval3851.html http://oval.mitre.org/oval/definitions/data/oval4758.html http://oval.mitre.org/oval/definitions/data/oval1114.html MS http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx MISC http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm CERT-VN 356600 CERT http://www.us-cert.gov/cas/techalerts/TA05-039A.html BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html BID 11950

Return to the previous page.