CVE-2007-1692. Disclosed: 03.26.07. The default configuration of Microsoft Windows uses the Web Proxy Autodiscovery Protocol (WPAD) without static WPAD entries. A remote attacker could leverage this to intercept web traffic by registering a proxy server using WINS or DNS, then responding to WPAD requests.
READ TECHNICAL DETAILS – National Vulnerability Database
READ TECHNICAL DETAILS – Common Vulnerabilities and Exposures