CVE-2007-1499

Microsoft Internet Explorer 7.0 - Cross-Site Scripting via res: URI Navigation Cancel Page Spoofing

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1499. PoCs published by Aviv Raff.

AI-analyzed exploit summary This exploit leverages a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer by injecting malicious script via the Navigation canceled page. The attack relies on improper sanitization of user-supplied data in the res://ieframe.dll/navcancl.htm resource.

Description

Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability."

Exploits (1)

exploitdb WORKING POC VERIFIED
by Aviv Raff · textremotewindows
https://www.exploit-db.com/exploits/29741

This exploit leverages a cross-site scripting (XSS) vulnerability in Microsoft Internet Explorer by injecting malicious script via the Navigation canceled page. The attack relies on improper sanitization of user-supplied data in the res://ieframe.dll/navcancl.htm resource.

Classification
Working Poc 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target: Microsoft Internet Explorer (versions affected by CVE-2007-1499)
No auth needed
Prerequisites: Victim must be using a vulnerable version of Internet Explorer · Victim must be tricked into clicking a malicious link
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/22966
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/2448
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/35352
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/0946
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1715
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/25627
Third Party Advisory, VDB Entry vendor-advisory x_refsource_hp
http://www.securityfocus.com/archive/1/471947/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33026
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1018235
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24535
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2153
US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA07-163A.html
Various Sources x_refsource_misc
http://news.com.com/2100-1002_3-6167410.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462939/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462945/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/462833/100/0/threaded

Scores

EPSS 0.2978
EPSS Percentile 98.0%

Details

CWE
CWE-79
Status published
Products (1)
microsoft/ie 7.0
Published Mar 17, 2007
Tracked Since Feb 18, 2026