CVE-2007-3164

Severity

57%

Complexity

86%

Confidentiality

81%

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

CVSS 2.0 Base Score 5.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:N).

Overview

First reported 17 years ago

2007-06-11 22:30:00

Last updated 7 years ago

2017-07-29 01:32:00

Affected Software

Microsoft Internet Explorer 7.0

7.0

References

http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/

36142

25663

http://www.bitsploit.de/archives/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html

24483

ie-idn-authentication-spoofing(34867)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.