Vulnerabilities > CVE-2007-3164 - Unspecified vulnerability in Microsoft Internet Explorer 7.0

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

microsoft

NVD

Published: 2007-06-11

Updated: 2021-07-23

Summary

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

Vulnerable Configurations

Part	Description	Count
Application	Microsoft Microsoft Internet Explorer 7.0	1

References

http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/
http://www.bitsploit.de/archives/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html
http://www.securityfocus.com/bid/24483
http://secunia.com/advisories/25663
http://osvdb.org/36142
https://exchange.xforce.ibmcloud.com/vulnerabilities/34867