Vulnerability Details : CVE-2007-1499
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
Vulnerability category: Execute code
Products affected by CVE-2007-1499
- cpe:2.3:a:microsoft:ie:7.0:*:vista:*:*:*:*:* (when used together with: Microsoft » Windows Vista)
Exploit prediction scoring system (EPSS) score for CVE-2007-1499
66.02%: Probability of exploitation activity in the next 30 days
~ 98%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-1499
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2007-1499
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-1499
- http://securitytracker.com/id?1018235
- http://securityreason.com/securityalert/2448
- http://www.securityfocus.com/archive/1/471947/100/0/threaded
- http://www.securityfocus.com/archive/1/462939/100/0/threaded
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715
- http://news.com.com/2100-1002_3-6167410.html
- http://www.securityfocus.com/archive/1/462945/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033
- http://www.securityfocus.com/bid/22966
- http://www.vupen.com/english/advisories/2007/0946
- http://secunia.com/advisories/24535 (Vendor Advisory)
- http://www.securityfocus.com/archive/1/462833/100/0/threaded
- http://www.us-cert.gov/cas/techalerts/TA07-163A.html (US Government Resource)
- http://osvdb.org/35352
- http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx (Vendor Advisory)
- http://www.vupen.com/english/advisories/2007/2153
- http://secunia.com/advisories/25627 (Vendor Advisory)