New Search

IE AbusiveParent Vulnerability (32-bit Server 2003)

oval:org.mitre.oval:def:1114

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window opening a child page whose target is the window with the given name then injecting the script from the parent into the child using execScript as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2003
Class:
vulnerability
Reference(s):
  • CVE-2004-1319
Product(s):
  • Microsoft Internet Explorer