Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2004-1319
HistoryJan 06, 2005 - 5:00 a.m.

CVE-2004-1319

2005-01-0605:00:00
mitre
web.nvd.nist.gov
36
dhtml edit control
remote attack
arbitrary web script
internet explorer
cve-2004-1319

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by “AbusiveParent” in Internet Explorer 6.0.2900.2180.

Affected configurations

Nvd
Node
nortelip_softphone_2050
OR
nortelmobile_voice_client_2050
OR
norteloptivity_telephony_manager
OR
microsoftwindows_2000
OR
microsoftwindows_2000sp1
OR
microsoftwindows_2000sp2
OR
microsoftwindows_2000sp3
OR
microsoftwindows_2000sp4
OR
microsoftwindows_2003_serverMatchenterprise64-bit
OR
microsoftwindows_2003_serverMatchenterprise_64-bit
OR
microsoftwindows_2003_serverMatchr264-bit
OR
microsoftwindows_2003_serverMatchr2datacenter_64-bit
OR
microsoftwindows_2003_serverMatchstandard64-bit
OR
microsoftwindows_2003_serverMatchweb
OR
microsoftwindows_98gold
OR
microsoftwindows_98se
OR
microsoftwindows_me
OR
microsoftwindows_xp64-bit
OR
microsoftwindows_xphome
OR
microsoftwindows_xpmedia_center
OR
microsoftwindows_xpgoldprofessional
OR
microsoftwindows_xpsp164-bit
OR
microsoftwindows_xpsp1home
OR
microsoftwindows_xpsp1media_center
OR
microsoftwindows_xpsp2home
OR
microsoftwindows_xpsp2media_center
OR
microsoftwindows_xpsp2tablet_pc
VendorProductVersionCPE
nortelip_softphone_2050*cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*
nortelmobile_voice_client_2050*cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*
norteloptivity_telephony_manager*cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
microsoftwindows_2000*cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
microsoftwindows_2003_serverenterprisecpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
microsoftwindows_2003_serverenterprise_64-bitcpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
Rows per page:
1-10 of 271

References

Related

cvelist 1
cert 1
securityvulns 1
nessus 1
nvd 1
cvelist
cvelist
CVE-2004-1319
2005-01-06 05:00:00
cert
cert
Microsoft Internet Explorer DHTML Editing ActiveX control contains a cross-domain vulnerability
2005-01-05 00:00:00
securityvulns
securityvulns
Microsoft Security Bulletin MS05-013 Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781)
2005-02-08 00:00:00
nessus
nessus
MS05-013: Vulnerability in the DHTML Editing Component may allow code execution (891781)
2005-02-08 00:00:00
nvd
nvd
CVE-2004-1319
2004-12-15 05:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.079

Percentile

94.3%

JSON
Related for CVE-2004-1319
cvelist1cert1securityvulns1nessus1nvd1