CVE-2007-5355Microsoft Internet Explorer vulnerability

2 documents2 sources
Severity
5.8MEDIUMNVD
EPSS
27.4%
top 3.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Microsoft Internet Explorer
Timeline
PublishedDec 5
Latest updateMay 1

Description

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDmicrosoft/internet_explorer5.01, 6, 7+2

🔴Vulnerability Details

1
GHSA
GHSA-r9pr-94pj-px9j: The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configu2022-05-01
CVE-2007-5355 — Microsoft vulnerability | cvebase