Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveMitreCVE-2004-2383
HistoryAug 16, 2005 - 4:00 a.m.

CVE-2004-2383

2005-08-1604:00:00
mitre
web.nvd.nist.gov
39
cve-2004-2383
microsoft
internet explorer
cross-frame scripting
keyboard events
remote attackers
spoofing
nvd

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.819

Percentile

98.4%

JSON

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.

Affected configurations

Nvd
Node
microsoftieMatch6.0sp1
OR
microsoftinternet_explorerMatch5.5
OR
microsoftinternet_explorerMatch5.5sp1
OR
microsoftinternet_explorerMatch5.5sp2
OR
microsoftinternet_explorerMatch6.0
VendorProductVersionCPE
microsoftie6.0cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
microsoftinternet_explorer5.5cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
microsoftinternet_explorer6.0cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*

Related

checkpoint_advisories 1
cvelist 1
exploitdb 1
nvd 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer Cross Frame Scripting Restriction Bypass (CVE-2004-2383)
2010-02-09 00:00:00
cvelist
cvelist
CVE-2004-2383
2005-08-16 04:00:00
exploitdb
exploitdb
Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage
2004-02-27 00:00:00
nvd
nvd
CVE-2004-2383
2004-12-31 05:00:00

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

AI Score

6.2

Confidence

High

EPSS

0.819

Percentile

98.4%

JSON
Related for CVE-2004-2383
checkpoint_advisories1cvelist1exploitdb1nvd1