Vulnerability Details CVE-2004-2383
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.234
EPSS Ranking 95.7%
CVSS Severity
CVSS v2 Score 5.1
References
- http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false
- http://www.securityfocus.com/bid/9761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15337
- http://www.idefense.com/application/poi/display?id=77&type=vulnerabilities&flashstatus=false
- http://www.securityfocus.com/bid/9761
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15337
Products affected by CVE-2004-2383
-
cpe:2.3:a:microsoft:ie:6.0
-
cpe:2.3:a:microsoft:internet_explorer:5.5
-
cpe:2.3:a:microsoft:internet_explorer:6.0