CVE-2007-1499

critical

Description

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715

https://exchange.xforce.ibmcloud.com/vulnerabilities/33026

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033

http://www.vupen.com/english/advisories/2007/2153

http://www.vupen.com/english/advisories/2007/0946

http://www.us-cert.gov/cas/techalerts/TA07-163A.html

http://www.securityfocus.com/bid/22966

http://www.securityfocus.com/archive/1/471947/100/0/threaded

http://www.securityfocus.com/archive/1/462945/100/0/threaded

http://www.securityfocus.com/archive/1/462939/100/0/threaded

http://www.securityfocus.com/archive/1/462833/100/0/threaded

http://securitytracker.com/id?1018235

http://securityreason.com/securityalert/2448

http://secunia.com/advisories/25627

http://secunia.com/advisories/24535

http://osvdb.org/35352

http://news.com.com/2100-1002_3-6167410.html

http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

Details

Source: Mitre, NVD

Published: 2007-03-17

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Severity: Critical