Info

Disclosure

Dec 06, 2004

Discovery

Unknown

Dates

Exploit

Dec 06, 2004

Solution

Unknown

Description

Internet Explorer contains a flaw that will allow an attacker to inject arbitrary FTP commands. The problem is that the Internet Explorer URL FTP request is not verified properly and will allow an attacker to inject or manipulate FTP commands, resulting in a loss of integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Internet Explorer

References

FrSIRT Advisory: ADV-2006-3212
Bugtraq ID: 11826
Microsoft Knowledge Base Article: 918899
Microsoft Security Bulletin: MS06-042
Related OSVDB ID: 27850 27851 27852 27853 27854 27855
Other Advisory URL: http://www.7a69ezine.org/node/view/168
ISS X-Force ID: 18384
Secunia Advisory ID: 13404 21396
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0076.html
CVE ID: 2004-1166 (see also: NVD)
Security Tracker: 1012444
Keyword: 7a69ezine Advisories 7a69Adv#15

Credit

Albert Puigsech Galicia - ripe7a69ezine.org - Personal Page

Direct URL: http://osvdb.org/36218