Executive Summary
Informations | |||
---|---|---|---|
Name | MS05-013 | First vendor Publication | N/A |
Vendor | Microsoft | Last vendor Modification | N/A |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability in the DHTML Editing Component ActiveX Control Could Allow Remote Code Execution (891781) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1114 | |||
Oval ID: | oval:org.mitre.oval:def:1114 | ||
Title: | IE AbusiveParent Vulnerability (32-bit Server 2003) | ||
Description: | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1319 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1701 | |||
Oval ID: | oval:org.mitre.oval:def:1701 | ||
Title: | IE AbusiveParent Vulnerability (64-bit XP) | ||
Description: | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1319 | Version: | 10 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3464 | |||
Oval ID: | oval:org.mitre.oval:def:3464 | ||
Title: | IE AbusiveParent Vulnerability (32-bit XP) | ||
Description: | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1319 | Version: | 8 |
Platform(s): | Microsoft Windows XP | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:3851 | |||
Oval ID: | oval:org.mitre.oval:def:3851 | ||
Title: | IE AbusiveParent Vulnerability (Windows 2000) | ||
Description: | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1319 | Version: | 10 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:4758 | |||
Oval ID: | oval:org.mitre.oval:def:4758 | ||
Title: | IE AbusiveParent Vulnerability (64-bit Server 2003) | ||
Description: | The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-1319 | Version: | 5 |
Platform(s): | Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
12424 | Microsoft IE DHTML Edit ActiveX Control execScript() XSS Windows contains a flaw that allows a remote cross site scripting attack. This flaw exists because dhtmled.ocx does not validate arguments to the execScript() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2005-02-08 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms05-013.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:08 |
|