MS.DHTML.Edit.Control.Cross.Domain.Script.Injection

description-logoDescription

This indicates a possible exploit of a "DHTML Edit Control" cross domain vulnerability through Internet Explorer.
"DHTML Edit Control" supports dynamic web site editng by means of an HTML editor. A vulnerability is reported in the DHTML editing activeX control that allows a script that is executing through execScript to access content in another domain. By persuading a victim to view a specially crafted HTML page, an attacker can spoof the web content of a web site and access its information, and also can inject malicious scripts into the local computer zone.

affected-products-logoAffected Products

Microsoft Windows Operating Systems.

Impact logoImpact

System Compromise: an attacker can spoof web content, access web site information such as cookies and take control of an affected system.

recomended-action-logoRecommended Actions

Apply security patch to the system as given in the Microsoft Security Bulletin MS05-013.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)