CVE-2004-1319
Summary
| CVE | CVE-2004-1319 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2004-12-15 05:00:00 UTC |
| Updated | 2025-04-03 01:03:51 UTC |
| Description | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. |
Risk And Classification
Primary CVSS: v2.0 5 from [email protected]
AV:N/AC:L/Au:N/C:N/I:P/A:N
Problem Types: NVD-CWE-Other | n/a
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:L/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Microsoft | Windows 2000 | All | All | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp1 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp2 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp3 | All | All |
| Operating System | Microsoft | Windows 2000 | All | sp4 | All | All |
| Operating System | Microsoft | Windows 2003 Server | enterprise | All | 64-bit | All |
| Operating System | Microsoft | Windows 2003 Server | enterprise_64-bit | All | All | All |
| Operating System | Microsoft | Windows 2003 Server | r2 | All | 64-bit | All |
| Operating System | Microsoft | Windows 2003 Server | r2 | All | datacenter_64-bit | All |
| Operating System | Microsoft | Windows 2003 Server | standard | All | 64-bit | All |
| Operating System | Microsoft | Windows 2003 Server | web | All | All | All |
| Operating System | Microsoft | Windows 98 | All | gold | All | All |
| Operating System | Microsoft | Windows 98se | All | All | All | All |
| Operating System | Microsoft | Windows Me | All | All | All | All |
| Operating System | Microsoft | Windows Xp | All | All | 64-bit | All |
| Operating System | Microsoft | Windows Xp | All | All | home | All |
| Operating System | Microsoft | Windows Xp | All | All | media_center | All |
| Operating System | Microsoft | Windows Xp | All | gold | professional | All |
| Operating System | Microsoft | Windows Xp | All | sp1 | 64-bit | All |
| Operating System | Microsoft | Windows Xp | All | sp1 | home | All |
| Operating System | Microsoft | Windows Xp | All | sp1 | media_center | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | home | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | media_center | All |
| Operating System | Microsoft | Windows Xp | All | sp2 | tablet_pc | All |
| Application | Nortel | Ip Softphone 2050 | All | All | All | All |
| Application | Nortel | Mobile Voice Client 2050 | All | All | All | All |
| Application | Nortel | Optivity Telephony Manager | All | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Secunia - Advisories - Internet Explorer DHTML Edit ActiveX Control Cross-Site Scripting | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Patch, Vendor Advisory |
| 404 NOT FOUND | af854a3a-2127-422b-91ae-364da2661108 | freehost07.websamba.com | |
| US-CERT Vulnerability Note VU#356600 | af854a3a-2127-422b-91ae-364da2661108 | www.kb.cert.org | Patch, Third Party Advisory, US Government Resource |
| Microsoft Windows DHTML Edit Control Script Injection Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit, Patch, Vendor Advisory |
| Microsoft Security Bulletin MS05-013 - Critical | Microsoft Docs | af854a3a-2127-422b-91ae-364da2661108 | docs.microsoft.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| US-CERT Technical Cyber Security Alert TA05-039A -- Multiple Vulnerabilities in Microsoft Windows Components | af854a3a-2127-422b-91ae-364da2661108 | www.us-cert.gov | Patch, Third Party Advisory, US Government Resource |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Repository / Oval Repository | af854a3a-2127-422b-91ae-364da2661108 | oval.cisecurity.org | |
| Neohapsis Archives - Bugtraq - #0167 - MSIE DHTML Edit Control Cross Site Scripting Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.