Score: 7.5
CWE: 16

CVE-2007-1692

First published: Mon Mar 26 2007

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.

Credit: cve@mitre.org

| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft Windows 2000 | | |
| Microsoft Windows Server 2003 | =2000 | |
| Microsoft Windows Server 2003 | =r2 | |


Frequently Asked Questions

  • What is the severity of CVE-2007-1692?

    CVE-2007-1692 has been assessed as a moderate severity vulnerability due to its potential for information disclosure.

  • How do I fix CVE-2007-1692?

    To mitigate CVE-2007-1692, disable WPAD or configure static WPAD entries in your network settings.

  • Who is affected by CVE-2007-1692?

    CVE-2007-1692 affects users of Microsoft Windows 2000 and Windows 2003 Server without proper configuration.

  • Can CVE-2007-1692 lead to data interception?

    Yes, CVE-2007-1692 can allow remote attackers to intercept web traffic if a rogue proxy server is registered.

  • What is the Web Proxy Autodiscovery Protocol related to CVE-2007-1692?

    The Web Proxy Autodiscovery Protocol enables automatic detection of proxy settings, which can be exploited in CVE-2007-1692.
