CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
94.3%
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by “AbusiveParent” in Internet Explorer 6.0.2900.2180.
Vendor | Product | Version | CPE |
---|---|---|---|
nortel | ip_softphone_2050 | * | cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:* |
nortel | mobile_voice_client_2050 | * | cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:* |
nortel | optivity_telephony_manager | * | cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:* |
microsoft | windows_2000 | * | cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:* |
microsoft | windows_2003_server | enterprise | cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:* |
microsoft | windows_2003_server | enterprise_64-bit | cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:* |
archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
secunia.com/advisories/13482/
www.kb.cert.org/vuls/id/356600
www.securityfocus.com/bid/11950
www.us-cert.gov/cas/techalerts/TA05-039A.html
docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
exchange.xforce.ibmcloud.com/vulnerabilities/18504
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758