Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1319

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1319
Last Modified 10 Sep 2008 03:29:52
Published 15 Dec 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1319

Summary

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Vulnerable Systems

Operating System

  • Microsoft Windows 2000

  • Microsoft Windows 2003 Server Enterprise

  • Microsoft Windows 2003 Server Enterprise 64-bit

  • Microsoft Windows 2003 Server R2

  • Microsoft Windows 2003 Server Standard

  • Microsoft Windows 2003 Server Web

  • Microsoft Windows 98

  • Microsoft Windows 98se

  • Microsoft Windows Me

  • Microsoft Windows Xp

Application

  • Nortel Ip Softphone 2050

  • Nortel Mobile Voice Client 2050

  • Nortel Optivity Telephony Manager


References

CERT - TA05-039A

CERT-VN - VU#356600

XF - ie-dhtml-xss(18504)

BID - 11950

MS - MS05-013

SECUNIA - 13482

BUGTRAQ - 20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability


Last Updated: 27 May 2016 10:38:59