CVE-2007-3164

Published: Jun 11, 2007Modified: Apr 23, 2026

5.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability: 8.6 / Impact: 4.9

Source: NVD

Description

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

Affected (1)

Products: Microsoft: Internet Explorer

1 product

Internet Explorer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Microsoft Internet Explorer	Version 7.0

References (12)

http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/

Source: cve@mitre.org

http://osvdb.org/36142

Source: cve@mitre.org

http://secunia.com/advisories/25663

Source: cve@mitre.org

http://www.bitsploit.de/archives/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/24483

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/34867

Source: cve@mitre.org

http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/36142

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/25663

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.bitsploit.de/archives/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/24483

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/34867

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.