CVE-2004-2383

Published: Dec 31, 2004Modified: Apr 16, 2026

5.1

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Exploitability: 4.9 / Impact: 6.4

Source: NVD

Description

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.

Affected (5)

Products: Microsoft: Ie, Internet Explorer

Microsoft

2 products

Internet Explorer

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Internet Explorer	Version 5.5
Microsoft Internet Explorer	Version 5.5 sp1
Microsoft Internet Explorer	Version 5.5 sp2
Microsoft Internet Explorer	Version 6.0

References (6)

http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false

Source: cve@mitre.org

http://www.securityfocus.com/bid/9761

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/15337

Source: cve@mitre.org

http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/9761

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/15337

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.