What is the severity of CVE-2007-1692?

CVE-2007-1692 has been assessed as a moderate severity vulnerability due to its potential for information disclosure.

How do I fix CVE-2007-1692?

To mitigate CVE-2007-1692, disable WPAD or configure static WPAD entries in your network settings.

Who is affected by CVE-2007-1692?

CVE-2007-1692 affects users of Microsoft Windows 2000 and Windows 2003 Server without proper configuration.

Can CVE-2007-1692 lead to data interception?

Yes, CVE-2007-1692 can allow remote attackers to intercept web traffic if a rogue proxy server is registered.

What is the Web Proxy Autodiscovery Protocol related to CVE-2007-1692?

The Web Proxy Autodiscovery Protocol enables automatic detection of proxy settings, which can be exploited in CVE-2007-1692.

Vulnerability/
CVE-2007-1692

high

7.5

CWE

26/3/2007

7/8/2024

CVE-2007-1692

First published: Mon Mar 26 2007(Updated: )

The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries, which might allow remote attackers to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests, as demonstrated using Internet Explorer. NOTE: it could be argued that if an attacker already has control over WINS/DNS, then web traffic could already be intercepted by modifying WINS or DNS records, so this would not cross privilege boundaries and would not be a vulnerability. It has also been reported that DHCP is an alternate attack vector.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Microsoft Windows 2000
Microsoft Windows Server 2003	=2000
Microsoft Windows Server 2003	=r2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-1692?
CVE-2007-1692 has been assessed as a moderate severity vulnerability due to its potential for information disclosure.
How do I fix CVE-2007-1692?
To mitigate CVE-2007-1692, disable WPAD or configure static WPAD entries in your network settings.
Who is affected by CVE-2007-1692?
CVE-2007-1692 affects users of Microsoft Windows 2000 and Windows 2003 Server without proper configuration.
Can CVE-2007-1692 lead to data interception?
Yes, CVE-2007-1692 can allow remote attackers to intercept web traffic if a rogue proxy server is registered.
What is the Web Proxy Autodiscovery Protocol related to CVE-2007-1692?
The Web Proxy Autodiscovery Protocol enables automatic detection of proxy settings, which can be exploited in CVE-2007-1692.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/author
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/microsoft
canonical/microsoft windows 2000
canonical/microsoft windows server 2003
version/microsoft windows server 2003/2000
version/microsoft windows server 2003/r2

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.