CVE-2007-3164

Description

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

5.8

CVSS

Severity: Medium

CVSS 2.0 •

EPSS 20.81% Top 5%

Third-Party Advisory secunia.com

Affected: n/a n/a

References

Link	Tags
http://secunia.com/advisories/25663	third party advisory
http://osvdb.org/36142	vdb entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/34867	vdb entry
http://www.securityfocus.com/bid/24483	vdb entry
http://ha.ckers.org/blog/20070608/cross-domain-basic-auth-phishing-tactics/
http://www.bitsploit.de/archives/428-Cross-Domain-Basic-Auth-Phishing-Tactics.html

Frequently Asked Questions

What is the severity of CVE-2007-3164?: CVE-2007-3164 has been scored as a medium severity vulnerability.
How to fix CVE-2007-3164?: To fix CVE-2007-3164, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2007-3164 being actively exploited in the wild?: It is possible that CVE-2007-3164 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~21% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.