CVE-2004-1319

Published: Dec 15, 2004Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Affected (27)

Products: Microsoft: Windows 2000, Windows 2003 Server, Windows 98, Windows 98se, Windows Me, Windows Xp · Nortel: Ip Softphone 2050, Mobile Voice Client 2050, Optivity Telephony Manager

6 products

Windows 2003 Server

3 products

Ip Softphone 2050

Mobile Voice Client 2050

Optivity Telephony Manager

Configuration A

27 vulnerable

Vulnerable Software	Affected Versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2000	All versions
Microsoft Windows 2003 Server	Version enterprise
Microsoft Windows 2003 Server	Version enterprise_64-bit
Microsoft Windows 2003 Server	Version r2
Microsoft Windows 2003 Server	Version r2
Microsoft Windows 2003 Server	Version standard
Microsoft Windows 2003 Server	Version web
Microsoft Windows 98	All versions
Microsoft Windows 98se	All versions
Microsoft Windows Me	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Microsoft Windows Xp	All versions
Nortel Ip Softphone 2050	All versions
Nortel Mobile Voice Client 2050	All versions
Nortel Optivity Telephony Manager	All versions

References (26)

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

Source: cve@mitre.org

ExploitVendor Advisory

http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm

Source: cve@mitre.org

http://secunia.com/advisories/13482/

Source: cve@mitre.org

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/356600

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/11950

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

Source: cve@mitre.org

PatchThird Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18504

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13482/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.kb.cert.org/vuls/id/356600

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

http://www.securityfocus.com/bid/11950

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18504

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.