What is the severity of CVE-2007-5355?

CVE-2007-5355 has a moderate severity rating due to its potential for remote exploitation through misleading WPAD servers.

How do I fix CVE-2007-5355?

To fix CVE-2007-5355, users should install the latest security updates for Microsoft Internet Explorer and disable the Web Proxy Auto-Discovery feature.

Which versions of Internet Explorer are affected by CVE-2007-5355?

CVE-2007-5355 affects Internet Explorer 6 and 7, specifically their configurations with certain DNS suffixes.

Is CVE-2007-5355 applicable to Windows XP users?

CVE-2007-5355 does not affect Windows XP users as the vulnerable versions of Internet Explorer are not present.

Can CVE-2007-5355 be exploited remotely?

Yes, CVE-2007-5355 can be exploited remotely by attackers leveraging unqualified wpad hostnames in malicious WPAD servers.

Vulnerability/
CVE-2007-5355

medium

5.8

CWE

NVD-CWE-Other

5/12/2007

7/8/2024

CVE-2007-5355

First published: Wed Dec 05 2007(Updated: )

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Windows 2000	=sp4
Internet Explorer	=5.01-sp4
Internet Explorer	=6-sp1
Microsoft Windows Server 2003	=64-bit
Microsoft Windows Server 2003	=64-bit_sp2
Microsoft Windows Server 2003	=itanium_sp1
Microsoft Windows Server 2003	=itanium_sp2
Microsoft Windows Server 2003	=sp1
Microsoft Windows Server 2003	=sp2
Microsoft Windows XP	=sp2
Internet Explorer	=6
Microsoft Windows Vista
Internet Explorer	=7

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-5355?
CVE-2007-5355 has a moderate severity rating due to its potential for remote exploitation through misleading WPAD servers.
How do I fix CVE-2007-5355?
To fix CVE-2007-5355, users should install the latest security updates for Microsoft Internet Explorer and disable the Web Proxy Auto-Discovery feature.
Which versions of Internet Explorer are affected by CVE-2007-5355?
CVE-2007-5355 affects Internet Explorer 6 and 7, specifically their configurations with certain DNS suffixes.
Is CVE-2007-5355 applicable to Windows XP users?
CVE-2007-5355 does not affect Windows XP users as the vulnerable versions of Internet Explorer are not present.
Can CVE-2007-5355 be exploited remotely?
Yes, CVE-2007-5355 can be exploited remotely by attackers leveraging unqualified wpad hostnames in malicious WPAD servers.

collector/nvd-historical
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/author
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/microsoft
canonical/microsoft windows 2000
version/microsoft windows 2000/sp4
canonical/internet explorer
version/internet explorer/5.01-sp4
version/internet explorer/6-sp1
canonical/microsoft windows server 2003
version/microsoft windows server 2003/64-bit
version/microsoft windows server 2003/64-bit_sp2
version/microsoft windows server 2003/itanium_sp1
version/microsoft windows server 2003/itanium_sp2
version/microsoft windows server 2003/sp1
version/microsoft windows server 2003/sp2
canonical/microsoft windows xp
version/microsoft windows xp/sp2
version/internet explorer/6
canonical/microsoft windows vista
version/internet explorer/7