CVE-2004-1319

Опубликовано: 15 дек. 2004

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Ссылки

http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
Exploit
Vendor Advisory
http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
http://secunia.com/advisories/13482/
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/356600
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/11950
Exploit
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Patch
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758
http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html
Exploit
Vendor Advisory
http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
http://secunia.com/advisories/13482/
Patch
Vendor Advisory
http://www.kb.cert.org/vuls/id/356600
Patch
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/11950
Exploit
Patch
Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Patch
Third Party Advisory
US Government Resource
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*

cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*

cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*

cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*

EPSS

Процентиль: 97%

0.34428

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-m56r-f9gm-g5wp

github

больше 3 лет назад