5

CVE-2004-1319

Exploit

EPSS 35.5%
Published 15.12.2004 05:00:00
Last modified 03.04.2025 01:03:51
Source cve@mitre.org
Teams watchlist Login
Open Login

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Affected products Warnungen 0 Metrics 2 CWE 0 References 16

Data is provided by the National Vulnerability Database (NVD)

Nortel ≫ Ip Softphone 2050

Nortel ≫ Mobile Voice Client 2050

Nortel ≫ Optivity Telephony Manager

Microsoft ≫ Windows 2000

Microsoft ≫ Windows 2000 Updatesp1

Microsoft ≫ Windows 2000 Updatesp2

Microsoft ≫ Windows 2000 Updatesp3

Microsoft ≫ Windows 2000 Updatesp4

Microsoft ≫ Windows 2003 Server Versionenterprise Edition64-bit

Microsoft ≫ Windows 2003 Server Versionenterprise_64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Edition64-bit

Microsoft ≫ Windows 2003 Server Versionr2 Editiondatacenter_64-bit

Microsoft ≫ Windows 2003 Server Versionstandard Edition64-bit

Microsoft ≫ Windows 2003 Server Versionweb

Microsoft ≫ Windows 98 Updategold

Microsoft ≫ Windows 98se

Microsoft ≫ Windows Me

Microsoft ≫ Windows Xp Edition64-bit

Microsoft ≫ Windows Xp Editionhome

Microsoft ≫ Windows Xp Editionmedia_center

Microsoft ≫ Windows Xp Updategold Editionprofessional

Microsoft ≫ Windows Xp Updatesp1 Edition64-bit

Microsoft ≫ Windows Xp Updatesp1 Editionhome

Microsoft ≫ Windows Xp Updatesp1 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editionhome

Microsoft ≫ Windows Xp Updatesp2 Editionmedia_center

Microsoft ≫ Windows Xp Updatesp2 Editiontablet_pc

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	35.5%	0.97

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

http://www.us-cert.gov/cas/techalerts/TA05-039A.html

Patch

Third Party Advisory

US Government Resource

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

Vendor Advisory

Exploit

http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm

http://secunia.com/advisories/13482/

Patch

Vendor Advisory

http://www.kb.cert.org/vuls/id/356600

Patch

Third Party Advisory

US Government Resource

http://www.securityfocus.com/bid/11950

Patch

Vendor Advisory

Exploit

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013

https://exchange.xforce.ibmcloud.com/vulnerabilities/18504

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758

https://nvd.nist.gov/vuln/detail/CVE-2004-1319

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2004-1319

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2004-1319

EUVD