Unrated severityNVD Advisory· Published Sep 21, 2007· Updated Apr 23, 2026

CVE-2007-4991

Description

The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.

Affected products

Microsoft/Isa Server2 versions
cpe:2.3:a:microsoft:isa_server:2004:sp1:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:microsoft:isa_server:2004:sp1:*:*:*:*:*:*
- cpe:2.3:a:microsoft:isa_server:2004:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.securityfocus.com/bid/25753nvdPatch
www.zerodayinitiative.com/advisories/ZDI-07-053.htmlnvdPatchVendor Advisory
osvdb.org/45906nvd
www.securitytracker.com/idnvd
exchange.xforce.ibmcloud.com/vulnerabilities/36715nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.038
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000