CVE-2007-3164

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer version 7

Description: The issue concerns a potential phishing attack when Microsoft Internet Explorer 7 prompts for HTTP Basic Authentication for an IDN web site. It uses ACE labels for the domain name in the status bar but internationalized labels in the authentication dialog. This discrepancy might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels.

Recommendations: For Microsoft Internet Explorer version 7, consider avoiding the use of internationalized domain names in authentication dialogs until a fix is available. As a temporary workaround, users should be cautious when interpreting domain names in authentication prompts to minimize the risk of phishing attacks.