← Back

CVE-2007-5355

nvd nist
Published: Dec 5, 2007Modified: Apr 23, 2026

JSON object

Loading...
5.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:N
Exploitability: 8.6 / Impact: 4.9
Source: NVD

Description

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Affected (4)

Microsoft
1 product
Internet Explorer
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 5.01 sp4
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 6 sp1
Running on/withPlatform Versions
Microsoft
Windows 2000
All versions
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 6
Configuration D
1 vulnerable · 8 platform
Vulnerable SoftwareAffected Versions
Internet Explorer
Version 7
Running on/withPlatform Versions
Microsoft
Windows 2003 Server
Version 64-bit
Microsoft
Windows 2003 Server
Version 64-bit_sp2
Microsoft
Windows 2003 Server
Version itanium_sp1
Microsoft
Windows 2003 Server
Version itanium_sp2
Microsoft
Windows 2003 Server
Version sp1
Microsoft
Windows 2003 Server
Version sp2
Microsoft
Windows Vista
All versions
Microsoft
Windows Xp
All versions

References (12)

Source: secure@microsoft.com
Vendor Advisory
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: secure@microsoft.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.