Microsoft IE DHTML Edit ActiveX Control execScript() XSS

2004-12-15T06:49:31
ID OSVDB:12424
Type osvdb
Reporter Paul(paul@greyhats.cjb.net)
Modified 2004-12-15T06:49:31

Description

Vulnerability Description

Windows contains a flaw that allows a remote cross site scripting attack. This flaw exists because dhtmled.ocx does not validate arguments to the execScript() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows contains a flaw that allows a remote cross site scripting attack. This flaw exists because dhtmled.ocx does not validate arguments to the execScript() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

References:

Security Tracker: 1012584 Secunia Advisory ID:13482 Other Advisory URL: http://freehost07.websamba.com/greyhats/abusiveparent.htm Microsoft Security Bulletin: MS05-013 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html ISS X-Force ID: 18504 CVE-2004-1319 CERT VU: 356600 Bugtraq ID: 11950