Vulnerability Details : CVE-2004-1319

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Published 2004-12-15 05:00:00

Updated 2019-04-30 14:27:13

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2004-1319

Probability of exploitation activity in the next 30 days: 4.89%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 92 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2004-1319

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:N	10.0	2.9	nvd@nist.gov
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

References for CVE-2004-1319

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114
http://www.securityfocus.com/bid/11950

Exploit;Patch;Vendor Advisory
http://www.kb.cert.org/vuls/id/356600

Patch;Third Party Advisory;US Government Resource
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464
http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html

Exploit;Vendor Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701
http://www.us-cert.gov/cas/techalerts/TA05-039A.html

Patch;Third Party Advisory;US Government Resource

CVEs referencing this url
https://exchange.xforce.ibmcloud.com/vulnerabilities/18504
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758

Products affected by CVE-2004-1319

Microsoft » Windows 2000 » Update SP1
cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP3
cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP2
cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2000 » Update SP4
cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98 » Update Gold
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
Matching versions
Microsoft » Windows 98se
cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Tablet Pc Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Home Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Home Edition
cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » 64-bit Edition
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP2 Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update Gold Professional Edition
cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Update SP1 Home Edition
cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
Matching versions
Microsoft » Windows Xp » Media Center Edition
cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
Matching versions
Microsoft » Windows Me
cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: WEB
cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit
cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Enterprise 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: R2 Datacenter 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
Matching versions
Microsoft » Windows 2003 Server » Version: Standard 64-bit Edition
cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
Matching versions
Nortel » Ip Softphone 2050
cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*
Matching versions
Nortel » Mobile Voice Client 2050
cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*
Matching versions
Nortel » Optivity Telephony Manager
cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*
Matching versions