Required CVE Record Information
Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
References 13 Total
- secunia.com: 13482 third-party-advisory
- exchange.xforce.ibmcloud.com: ie-dhtml-xss(18504) vdb-entry
- us-cert.gov: TA05-039A third-party-advisory
- http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm
- oval.cisecurity.org: oval:org.mitre.oval:def:3851 vdb-entrysignature
- securityfocus.com: 11950 vdb-entry
- oval.cisecurity.org: oval:org.mitre.oval:def:1114 vdb-entrysignature
- oval.cisecurity.org: oval:org.mitre.oval:def:3464 vdb-entrysignature
- docs.microsoft.com: MS05-013 vendor-advisory
- archives.neohapsis.com: 20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability mailing-list
- oval.cisecurity.org: oval:org.mitre.oval:def:4758 vdb-entrysignature
- kb.cert.org: VU#356600 third-party-advisory
- oval.cisecurity.org: oval:org.mitre.oval:def:1701 vdb-entrysignature
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 13 Total
- secunia.com: 13482 third-party-advisoryx_transferred
- exchange.xforce.ibmcloud.com: ie-dhtml-xss(18504) vdb-entryx_transferred
- us-cert.gov: TA05-039A third-party-advisoryx_transferred
- http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm x_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:3851 vdb-entrysignaturex_transferred
- securityfocus.com: 11950 vdb-entryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:1114 vdb-entrysignaturex_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:3464 vdb-entrysignaturex_transferred
- docs.microsoft.com: MS05-013 vendor-advisoryx_transferred
- archives.neohapsis.com: 20041215 MSIE DHTML Edit Control Cross Site Scripting Vulnerability mailing-listx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:4758 vdb-entrysignaturex_transferred
- kb.cert.org: VU#356600 third-party-advisoryx_transferred
- oval.cisecurity.org: oval:org.mitre.oval:def:1701 vdb-entrysignaturex_transferred