Back to search
CVE-2007-5355
Published: Dec 5, 2007
Modified: Aug 7, 2024
PUBLISHED
Description
The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2007-4064
vdb-entry
x_refsource_VUPEN
26686
vdb-entry
x_refsource_BID
http://www.microsoft.com/technet/security/advisory/945713.mspx
x_refsource_CONFIRM
1019033
vdb-entry
x_refsource_SECTRACK
27901
third-party-advisory
x_refsource_SECUNIA
945713
vendor-advisory
x_refsource_MSKB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now