4 matches found
CVE-2009-0093
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD feature, and conduct...
Design/Logic Flaw
Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD feature, and conduct...
Design/Logic Flaw
The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the 1 "wpad" and 2 "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery WPAD and Intra-Site Automatic Tunnel Addressing Protocol ISATAP...
CVE-2007-1692
CVE-2007-1692 concerns WPAD abuse via name registrations in Windows WINS/DNS. The default Windows config may allow remote attackers to intercept user web traffic by registering a proxy using WINS/DNS and answering WPAD requests (as shown with Internet Explorer). Related entries (CVE-2009-0093/009...