CVE-2007-3164

CVE-2007-3164 is a medium-severity vulnerability in Microsoft Internet Explorer with a CVSS 2.0 base score of 5.8. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.

Key facts

Description

Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.

Frequently asked questions

What is CVE-2007-3164?
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in the authentication dialog, which might allow remote attackers to perform phishing attacks if the user misinterprets confusable characters in the internationalized labels, as demonstrated by displaying xn--theshmogroup-bgk.com only in the status bar.
How severe is CVE-2007-3164?
CVE-2007-3164 has a CVSS 2.0 base score of 5.8, rated medium severity.
Is CVE-2007-3164 being actively exploited?
It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 10% (95th percentile), an estimate of the probability of exploitation in the next 30 days.
What products are affected by CVE-2007-3164?
CVE-2007-3164 affects Microsoft Internet Explorer. See the affected-products list for the exact vulnerable versions.
How do I fix CVE-2007-3164?
Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
When was CVE-2007-3164 published?
CVE-2007-3164 was published on 2007-06-11 and last updated on 2026-06-16.

References

Affected products (1)

More vulnerabilities in Microsoft Internet Explorer

All CVEs affecting Microsoft Internet Explorer →