Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5355

Overview

Vulnerability Score 5.8 5.8
CVE Id CVE-2007-5355
Last Modified 07 Mar 2011 10:00:33
Published 05 Dec 2007 06:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5355

Summary

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Vulnerable Systems

Application

  • Microsoft Ie 5.01

  • Microsoft Ie 6

  • Microsoft Ie 7


References

VUPEN - ADV-2007-4064

SECTRACK - 1019033

BID - 26686

CONFIRM - http://www.microsoft.com/technet/security/advisory/945713.mspx

MSKB - 945713

SECUNIA - 27901


Last Updated: 27 May 2016 10:46:09