Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2383


Vulnerability Score 5.1 5.1
CVE Id CVE-2004-2383
Last Modified 05 Sep 2008 04:43:58
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.

Vulnerable Systems


  • Microsoft Ie 5.5

  • Microsoft Ie 6.0


XF - ie-frame-domain-bypass(15337)

BID - 9761

IDEFENSE - 20040227 Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass

Last Updated: 27 May 2016 10:39:26