CVE-2004-2383
Last modified
CVE-2004-2383 is a vulnerability of currently unknown severity. Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. EPSS estimates a 19.97% chance of exploitation in the next 30 days.
Description
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Microsoft | Ie | 6.0 | Sp1 |
| Microsoft | Internet Explorer | 5.5 | — |
| Microsoft | Internet Explorer | 6.0 | — |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2004-2383?
How severe is CVE-2004-2383?
How do I fix CVE-2004-2383?
Are you affected by CVE-2004-2383?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST