Published: 31/12/2004 Updated: 23/07/2021

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 515

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Microsoft Internet Explorer 5.0 up to and including 6.0 allows remote malicious users to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.

Vulnerable Product	Search on Vulmon	Subscribe to Product
microsoft ie 6.0
microsoft internet explorer 5.5
microsoft internet explorer 6.0

source: wwwsecurityfocuscom/bid/9761/info Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains This issue could permit framesets in different domains to leak various events, including keyboard events This could effectively permit a hostile web page to capture keystro ...

NVD-CWE-Other http://www.securityfocus.com/bid/9761 http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false https://exchange.xforce.ibmcloud.com/vulnerabilities/15337 https://nvd.nist.gov https://www.exploit-db.com/exploits/23766/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-2383

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect