CVE-2007-1499

CVE Database · CVE-2007-1499

CVE-2007-1499

· N/AModified

CVSS v3.1

N/A

EPSS

29.78%

Published

Mar 17, 2007

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft Internet Explorer 7 - NavCancel.HTM Cross-Site Scripting TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Weaknesses (CWE)

CWE-79

Affected Products (4)

microsoft · windows_vista

microsoft · ievulnerable

microsoft · windows_xp

microsoft · ievulnerable

References (20)

http://aviv.raffon.net/2007/03/14/PhishingUsingIE7LocalResourceVulnerability.aspx

Vendor Advisory

http://news.com.com/2100-1002_3-6167410.html

http://osvdb.org/35352