The DHTML Edit Control (dhtmled.ocx) allows remote malicious users to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
microsoft windows 2000 |
||
microsoft windows 2003 server web |
||
microsoft windows 98 |
||
microsoft windows 98se |
||
microsoft windows xp |
||
microsoft windows 2003 server r2 |
||
microsoft windows 2003 server standard |
||
microsoft windows 2003 server enterprise_64-bit |
||
nortel ip softphone 2050 |
||
nortel mobile voice client 2050 |
||
nortel optivity telephony manager |
||
microsoft windows 2003 server enterprise |
||
microsoft windows me |