CVE-2004-1319 — Microsoft Windows 2003 Server vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

31.3%

top 3.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Microsoft Windows 2003 Server

Timeline

PublishedDec 15

Latest updateApr 29

Description

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmicrosoft/windows_2003_server5 versions+4

Patches

Patch: secunia.com ↗Patch: www.kb.cert.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-m56r-f9gm-g5wp: The DHTML Edit Control (dhtmled↗2022-04-29

▶

CVEList

CVE-2004-1319: The DHTML Edit Control (dhtmled↗2005-01-06

▶

VulnCheck

DHTML Editing Component ActiveX Control Vulnerability↗2004

▶