VYPR
Unrated severityNVD Advisory· Published Dec 5, 2007· Updated Jun 16, 2026

CVE-2007-5355

CVE-2007-5355

Description

The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet Explorer 6 and 7, when a primary DNS suffix with three or more components is configured, resolves an unqualified wpad hostname in a second-level domain outside this configured DNS domain, which allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.

Affected products

5
  • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*+ 4 more
    • cpe:2.3:a:microsoft:internet_explorer:5.01:sp4:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:7:*:*:*:*:*:*:*
    • (no CPE)range: 6, 7

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.