New Search

IE AbusiveParent Vulnerability (32-bit XP)

oval:org.mitre.oval:def:3464

The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window opening a child page whose target is the window with the given name then injecting the script from the parent into the child using execScript as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows XP
Class:
vulnerability
Reference(s):
  • CVE-2004-1319
Product(s):
  • Microsoft Internet Explorer