Microsoft Internet Explorer FTP Command Injection Vulnerability
Manipulation of data
Microsoft Internet Explorer 6
Albert Puigsech Galicia has discovered a vulnerability in Microsoft
Internet Explorer, which can be exploited by malicious people to
conduct FTP command injection attacks.
The vulnerability is caused due to insufficient input validation of
FTP URIs. This can be exploited by e.g. a malicious website to inject
arbitrary FTP commands in a FTP session using a specially crafted
pathname containing "%0A" characters.
The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows 2000 SP4 / XP SP2.
Do not surf untrusted websites.
Cameras that make great holiday gifts
Let them start the new year with a step up in photo and video quality from a phone.