Intrusion Prevention

MS.DHTML.Edit.Control.Cross.Domain.Script.Injection

Description

This indicates a possible exploit of a "DHTML Edit Control" cross domain vulnerability through Internet Explorer.
"DHTML Edit Control" supports dynamic web site editng by means of an HTML editor. A vulnerability is reported in the DHTML editing activeX control that allows a script that is executing through execScript to access content in another domain. By persuading a victim to view a specially crafted HTML page, an attacker can spoof the web content of a web site and access its information, and also can inject malicious scripts into the local computer zone.

Affected Products

Microsoft Windows Operating Systems.

Impact

System Compromise: an attacker can spoof web content, access web site information such as cookies and take control of an affected system.

Recommended Actions

Apply security patch to the system as given in the Microsoft Security Bulletin MS05-013.

CVE References

CVE-2004-1319