From: Secunia Security Advisories (sec-advsecunia.com)
Date: Thu Dec 09 2004 - 08:20:16 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

TITLE:
Microsoft Internet Explorer FTP Command Injection Vulnerability

SECUNIA ADVISORY ID:
SA13404

VERIFY ADVISORY:
http://secunia.com/advisories/13404/

CRITICAL:
Less critical

IMPACT:
Manipulation of data

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6
http://secunia.com/product/11/

DESCRIPTION:
Albert Puigsech Galicia has discovered a vulnerability in Microsoft
Internet Explorer, which can be exploited by malicious people to
conduct FTP command injection attacks.

The vulnerability is caused due to insufficient input validation of
FTP URIs. This can be exploited by e.g. a malicious website to inject
arbitrary FTP commands in a FTP session using a specially crafted
pathname containing "%0A" characters.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows 2000 SP4 / XP SP2.

SOLUTION:
Do not surf untrusted websites.

PROVIDED AND/OR DISCOVERED BY:
Albert Puigsech Galicia

ORIGINAL ADVISORY:
http://www.7a69ezine.org/node/view/168

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/

Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories

----------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]