CVE Vulnerabilities

CVE-2004-1319

Published: Dec 15, 2004 | Modified: Apr 30, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by AbusiveParent in Internet Explorer 6.0.2900.2180.

Affected Software

Name Vendor Start Version End Version
Ip_softphone_2050 Nortel * *
Mobile_voice_client_2050 Nortel * *
Optivity_telephony_manager Nortel * *
Windows_2000 Microsoft * *
Windows_2003_server Microsoft enterprise (including) enterprise (including)
Windows_2003_server Microsoft enterprise_64-bit (including) enterprise_64-bit (including)
Windows_2003_server Microsoft r2 (including) r2 (including)
Windows_2003_server Microsoft standard (including) standard (including)
Windows_2003_server Microsoft web (including) web (including)
Windows_98 Microsoft * *
Windows_98se Microsoft * *
Windows_me Microsoft * *
Windows_xp Microsoft * *

References