Unrated severityNVD Advisory· Published Dec 15, 2004· Updated Jun 16, 2026
CVE-2004-1319
CVE-2004-1319
Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
28- cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*
- cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*
- cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 9 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
- Range: =6.0.2900.2180
Patches
Vulnerability mechanics
References
13- secunia.com/advisories/13482/nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/356600nvdPatchThird Party AdvisoryUS Government Resource
- www.us-cert.gov/cas/techalerts/TA05-039A.htmlnvdPatchThird Party AdvisoryUS Government Resource
- archives.neohapsis.com/archives/bugtraq/2004-12/0167.htmlnvdExploitVendor Advisory
- www.securityfocus.com/bid/11950nvdExploitPatchVendor Advisory
- freehost07.websamba.com/greyhats/abusiveparent-discussion.htmnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/18504nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758nvd
News mentions
0No linked articles in our index yet.