CVE-2004-1319 - CVE Reference - Advisories

CVE Reference: CVE-2004-1319

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1319

Description: The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/18504 SAID Secunia Advisory: SA13482 OVAL http://oval.mitre.org/oval/definitions/data/oval1701.html http://oval.mitre.org/oval/definitions/data/oval3464.html http://oval.mitre.org/oval/definitions/data/oval3851.html http://oval.mitre.org/oval/definitions/data/oval4758.html http://oval.mitre.org/oval/definitions/data/oval1114.html MS http://www.microsoft.com/technet/security/bulletin/ms05-013.mspx MISC http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm CERT-VN 356600 CERT http://www.us-cert.gov/cas/techalerts/TA05-039A.html BUGTRAQ http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html BID 11950

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Linux Kernel LDT Buffer Size Handling Vulnerability

2.	Drupal Session Fixation Vulnerability

3.	OpenBSD BIND Query Port DNS Cache Poisoning

4.	Ubuntu update for php

5.	IPCop update for perl

6.	Red Hat update for kernel

7.	Slackware update for dnsmasq

8.	Debian update for xulrunner

9.	Red Hat update for thunderbird

10.	Fedora update for asterisk