CVE-2007-1692
Severity
7.5HIGH
EPSS
35.5%
top 2.94%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 26
Latest updateMay 1
Description
The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privile…
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages1 packages
🔴Vulnerability Details
2GHSA▶
GHSA-w64j-9mwf-4v77: The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote↗2022-05-01
CVEList▶
CVE-2007-1692: The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote↗2007-03-26