Unrated severityNVD Advisory· Published Dec 15, 2004· Updated Apr 16, 2026
CVE-2004-1319
CVE-2004-1319
Description
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Affected products
27- cpe:2.3:a:nortel:ip_softphone_2050:*:*:*:*:*:*:*:*
- cpe:2.3:a:nortel:mobile_voice_client_2050:*:*:*:*:*:*:*:*
- cpe:2.3:a:nortel:optivity_telephony_manager:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:microsoft:windows_2000:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp1:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp2:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp3:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2000:*:sp4:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*+ 5 more
- cpe:2.3:o:microsoft:windows_2003_server:enterprise:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:enterprise_64-bit:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:r2:*:datacenter_64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:standard:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_2003_server:web:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98:*:gold:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_98se:*:*:*:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_me:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*+ 9 more
- cpe:2.3:o:microsoft:windows_xp:*:*:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:gold:professional:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:*:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:64-bit:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp1:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:home:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:media_center:*:*:*:*:*
- cpe:2.3:o:microsoft:windows_xp:*:sp2:tablet_pc:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
13- secunia.com/advisories/13482/nvdPatchVendor Advisory
- www.kb.cert.org/vuls/id/356600nvdPatchThird Party AdvisoryUS Government Resource
- www.us-cert.gov/cas/techalerts/TA05-039A.htmlnvdPatchThird Party AdvisoryUS Government Resource
- archives.neohapsis.com/archives/bugtraq/2004-12/0167.htmlnvdExploitVendor Advisory
- www.securityfocus.com/bid/11950nvdExploitPatchVendor Advisory
- freehost07.websamba.com/greyhats/abusiveparent-discussion.htmnvd
- docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/18504nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1114nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1701nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3464nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3851nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4758nvd
News mentions
0No linked articles in our index yet.