PT-2007-6415 · Microsoft · Internet Explorer

Published: 2007-12-05 · Updated: 2021-07-23 · CVE-2007-5355

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 6 through 7
Description: The issue concerns the Web Proxy Auto-Discovery (WPAD) feature. When a primary DNS suffix with three or more components is configured, the WPAD feature resolves an unqualified wpad hostname in a second-level domain outside the configured DNS domain. This allows remote WPAD servers to conduct man-in-the-middle (MITM) attacks.
Recommendations: For Microsoft Internet Explorer versions 6 through 7, consider disabling the WPAD feature as a temporary workaround until a patch is available. Restrict access to external WPAD servers to minimize the risk of exploitation.
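To audit which hosts are exposed to the behaviour in the description, the following added example (not part of the original advisory or any vendor tooling) lists the names an unqualified wpad lookup reaches as the primary DNS suffix is shortened, and flags those outside the organisation's own zone. The function names, the `example.*` suffixes and the operator-supplied `org_domain` parameter are assumptions made for illustration.

```python
"""Added example: enumerate the names an unqualified 'wpad' lookup can reach
through DNS suffix devolution and flag those outside the organisation's zone."""


def devolution_candidates(primary_suffix, host="wpad", min_labels=2):
    """Return the FQDNs tried as the primary DNS suffix is devolved.

    Models the behaviour in the description: leading labels are stripped
    until only a second-level domain (min_labels=2) remains.
    """
    labels = [part for part in primary_suffix.lower().strip(".").split(".") if part]
    names = []
    while len(labels) >= min_labels:
        names.append(host + "." + ".".join(labels))
        labels = labels[1:]
    return names


def audit(primary_suffix, org_domain):
    """Pair each candidate with True if it stays inside org_domain.

    org_domain is the zone the organisation actually controls (assumption:
    supplied by the operator, not derived from a public-suffix list).
    """
    org = org_domain.lower().strip(".")
    results = []
    for name in devolution_candidates(primary_suffix):
        inside = name == org or name.endswith("." + org)
        results.append((name, inside))
    return results


def external_names(primary_suffix, org_domain):
    """Candidates that resolve in a domain the organisation does not control."""
    return [name for name, inside in audit(primary_suffix, org_domain) if not inside]


if __name__ == "__main__":
    # Constructed sample suffixes; the example.* names are placeholders.
    samples = [("corp.example.co.uk", "example.co.uk"),
               ("example.co.uk", "example.co.uk"),
               ("hq.corp.example.com", "example.com")]
    for suffix, org in samples:
        for name, inside in audit(suffix, org):
            print(f"{suffix:22} {name:28} {'internal' if inside else 'EXTERNAL'}")
```

Names reported as EXTERNAL are the ones to look for in resolver and proxy logs when applying the recommendation to restrict access to external WPAD servers.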

Fix


Related Identifiers

CVE-2007-5355

Affected Products

Internet Explorer