Spyware Doctor
Spyware Doctor with AntiVirus
PC Tools AntiVirus
PC Tools Internet Security
PC Tools Firewall Plus
ThreatFire
Spam Monitor
Registry Mechanic
Desktop Maestro
File Recover
Privacy Guardian
Spyware Doctor Enterprise
Help me choose
WPAD Spoofing Vulnerability
Under specific conditions, a vulnerability exists in Internet Explorer 5 that could allow a malicious user to provide proxy settings to web clients in another network.
Issue
The IE 5 Web Proxy Auto-Discovery (WPAD) feature enables web clients to automatically detect proxy settings without user intervention. The algorithm used by WPAD prepends the hostname "wpad" to the fully-qualified domain name and progressively removes subdomains until it either finds a WPAD server answering the domain name or reaches the third-level domain. For instance, web clients in the domain a.b.microsoft.com would query wpad.a.b.microsoft, wpad.b.microsoft.com, then wpad.microsoft.com. A vulnerability arises because in international usage, the third-level domain may not be trusted. A malicious user could set up a WPAD server and serve proxy configuration commands of his or her choice.
Affected Products
- Microsoft Internet Explorer 5
Download
Patch: http://www.microsoft.com/windows/ie/download/critical/patch7.htm
Further Details
Source: Microsoft Corporation
Reference: Microsoft Corporation
Updated: December 1, 1999
>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<
