oval:org.mitre.oval:def:3851

Definition Id: oval:org.mitre.oval:def:3851

Oval ID:	oval:org.mitre.oval:def:3851
Title:	IE AbusiveParent Vulnerability (Windows 2000)
Description:	The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2004-1319	Version:	10
Platform(s):	Microsoft Windows 2000	Product(s):	Microsoft Internet Explorer
Definition Synopsis:
Windows 2000 (sp4 or earlier) is installed Windows 2000 is installed AND NOT Win2K/XP/2003 service pack 5 (or later) is installed AND the version of dhtmled.ocx is less than 6.1.0.9232 AND NOT the patch kb891781 is installed (Hotfix key)