Get our new Windows 7 eBook (PDF) for $7 with 70+ Tips. Download Now!
Microsoft Internet Explorer FTP Command Injection Vulnerability
- 0
- Add a Comment
- No Related Post
Secunia Advisory: SA13404
Critical: Less critical
Impact: Manipulation of data
Where: From remote
Solution Status: Unpatched
Albert Puigsech Galicia has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to conduct FTP command injection attacks.
The vulnerability is caused due to insufficient input validation of FTP URIs. This can be exploited by e.g. a malicious website to inject arbitrary FTP commands in a FTP session using a specially crafted pathname containing “%0A” characters.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows 2000 SP4 / XP SP2.
Solution:
Do not surf untrusted Web sites.