|
|
CVE Reference: CVE-2008-1368 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-1368 |
|
|
Description: CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection. |
|
|
CVE Status: Candidate |
|
|
References: SREASON http://securityreason.com/securityalert/3750 SAID Secunia Advisory: SA29346 MISC http://www.rapid7.com/advisories/R7-0032.jsp BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489500/100/0/threaded BID 28208 |
|
| Return to the previous page. |
