CVE-2004-1319

Currently unrated

Key Information:

Vendor: Microsoft
Status: Windows Xp; Optivity Telephony Manager; Windows 2003 Server; Windows 2000
Vendor: CVE Published:; 15 December 2004

Summary

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

References

http://secunia.com/advisories/13482/

third-party-advisoryx_refsource_SECUNIA

https://exchange.xforce.ibmcloud.com/vulnerabilities/18504

vdb-entryx_refsource_XF

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

third-party-advisoryx_refsource_CERT

EPSS Score

7% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Jan 6, 2005
Vulnerability published
Dec 15, 2004

Collectors

NVD DatabaseMitre Database