Revision Date: | 2015-08-03
Version: | 53
Title: | FTP Server Command Injection Vulnerability
Description: | CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
Family: | windows
Class: | vulnerability
Status: | ACCEPTED
Reference(s): | CVE-2004-1166
Platform(s): | Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows XP
Product(s): | Microsoft Internet Explorer
Definition Synopsis:
Server 2003-Gold
  Microsoft Windows Server 2003 (x86) Gold is installed
  AND Microsoft Internet Explorer 6 is installed
  AND the version of mshtml.dll is less than 6.0.3790.554
OR XP,SP1 (64-bit) and Server 2003, SP1
  Windows XP (64-bit,SP1) or Server 2003 (SP1) is installed
    Microsoft Windows XP SP1 (64-bit) is installed
    OR Microsoft Windows Server 2003 SP1 (x86) is installed
  AND Microsoft Internet Explorer 6 is installed
  AND the version of mshtml.dll is less than 6.0.3790.2759
OR IE 6 on Windows XP,SP2
  Microsoft Windows XP SP2 or later is installed
  AND Microsoft Internet Explorer 6 is installed
  AND Mshtml.dll version is less than 6.0.2900.2963
OR IE 6 on Windows 2000 or XP,SP1 (32-bit)
  Win2K,SP4 or XP,SP1 (32-bit) is installed
    Microsoft Windows 2000 SP4 or later is installed
    OR Microsoft Windows XP SP1 (32-bit) is installed
  AND Microsoft Internet Explorer 6 is installed
  AND Internet Explorer 6 (any patch level) is installed
  AND the version of mshtml.dll is less than 6.0.2800.1561
OR IE 5.01,SP4 on Win2k,SP4
  Microsoft Windows 2000 SP4 or later is installed
  AND Microsoft Internet Explorer 5.01 SP4 is installed
  AND the version of mshtml.dll is less than 5.0.3842.3000