ID CVE-2007-3164
Summary Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
References
Vulnerable Configurations
  • cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
    cpe:2.3:a:microsoft:internet_explorer:7.0:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 23-07-2021 - 15:05)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
bid 24483
misc
osvdb 36142
secunia 25663
xf ie-idn-authentication-spoofing(34867)
Last major update 23-07-2021 - 15:05
Published 11-06-2007 - 22:30
Last modified 23-07-2021 - 15:05
Back to Top