VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2383

CVE-2004-2383

Description

Microsoft Internet Explorer 5.0-6.0 allows attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Microsoft Internet Explorer 5.0-6.0 allows attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains.

Vulnerability

Microsoft Internet Explorer versions 5.0 through 6.0 are vulnerable to an issue that bypasses cross-frame scripting restrictions. This vulnerability allows an HTML document with JavaScript outside a frameset, which includes a target domain, to capture keyboard events from that domain by forcing the frameset to maintain focus [1].

Exploitation

An attacker can create an HTML document containing JavaScript that targets a frameset. By placing the JavaScript outside the frameset and then forcing the frameset to maintain focus using onLoad and onBlur events, the attacker can capture keyboard events from frames within the frameset that are from a different domain [1].

Impact

Successful exploitation allows an attacker to bypass cross-frame scripting restrictions and capture keyboard events from other domains. This can lead to sensitive information leakage and can be used in a spoofing scenario, effectively permitting a hostile web page to capture keystrokes from a foreign domain [1].

Mitigation

Microsoft has not officially categorized this as a vulnerability, and therefore, a specific patch or fixed version has not been released. Users are advised to be aware of potential spoofing scenarios. No workarounds or EOL status are currently disclosed in the available references [1].

References
  1. Microsoft Internet Explorer 5/6 - Cross-Domain Event Leakage

AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

6
  • Microsoft/Ie
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
  • Microsoft/Internet Explorer5 versions
    cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:microsoft:internet_explorer:5.5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:5.5:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:5.5:sp2:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    • (no CPE)range: 5.0 - 6.0

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.