CVE-2004-1319 Information

Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window opening a child page whose target is the window with the given name then injecting the script from the parent into the child using execScript as demonstrated by \AbusiveParent\ in Internet Explorer 6.0.2900.2180.

Reference

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm http://secunia.com/advisories/13482/ http://www.kb.cert.org/vuls/id/356600 http://www.securityfocus.com/bid/11950 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/18504 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1114 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1701 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3464 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A3851 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A4758