CVE-2007-1499: XSS
First published: Sat Mar 17 2007(Updated: )
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows Vista | ||
| Microsoft Internet Explorer | =7.0 | |
| Microsoft Windows XP |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx
- http://news.com.com/2100-1002_3-6167410.html
- http://secunia.com/advisories/24535
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html
- http://www.securityfocus.com/bid/22966
- http://securitytracker.com/id?1018235
- http://secunia.com/advisories/25627
- http://securityreason.com/securityalert/2448
- http://www.vupen.com/english/advisories/2007/0946
- http://www.vupen.com/english/advisories/2007/2153
- http://osvdb.org/35352
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/462945/100/0/threaded
- http://www.securityfocus.com/archive/1/462939/100/0/threaded
- http://www.securityfocus.com/archive/1/462833/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2007-1499?
CVE-2007-1499 is considered a critical vulnerability as it can lead to phishing attacks and the potential for remote code execution.
How do I fix CVE-2007-1499?
To mitigate CVE-2007-1499, users should upgrade to a more recent version of Internet Explorer that is no longer affected by this vulnerability.
Who is affected by CVE-2007-1499?
CVE-2007-1499 affects users of Microsoft Internet Explorer 7.0 on Windows XP and Vista.
What type of attack does CVE-2007-1499 enable?
CVE-2007-1499 enables remote attackers to conduct phishing attacks through crafted links.
Can CVE-2007-1499 be exploited remotely?
Yes, CVE-2007-1499 can be exploited remotely by attackers using specific res: URIs.
- collector/nvd-historical
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/microsoft
- canonical/microsoft windows vista
- canonical/microsoft internet explorer
- version/microsoft internet explorer/7.0
- canonical/microsoft windows xp