Vulnerabilities > CVE-2004-2383 - Unspecified vulnerability in Microsoft IE and Internet Explorer
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 |
Exploit-Db
| description | Microsoft Internet Explorer 5/6 Cross-Domain Event Leakage Vulnerability. CVE-2004-2383. Remote exploit for windows platform |
| id | EDB-ID:23766 |
| last seen | 2016-02-02 |
| modified | 2004-02-27 |
| published | 2004-02-27 |
| reporter | iDefense |
| source | https://www.exploit-db.com/download/23766/ |
| title | Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage Vulnerability |