Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2004-1166
Last Modified: 27 Sep 2011 12:00:00
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2004-1166

Summary

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Vulnerable Systems

Application

  • Microsoft IE 6.0


References

XF - web-browser-ftp-command-execution(18384)

VUPEN - ADV-2008-0870

VUPEN - ADV-2006-3212

BID - 28208

BID - 11826

BUGTRAQ - 20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability

MISC - http://www.rapid7.com/advisories/R7-0032.jsp

OSVDB - 12299

MS - MS06-042

SECTRACK - 1012444

SECUNIA - 29346

SECUNIA - 13404

BUGTRAQ - 20041207 7a69Adv#15 - Internet Explorer FTP command injection


Last Updated: 27 May 2016 10:38:55