CVE-2004-1166 - CVE Reference - Advisories

CVE Reference: CVE-2004-1166

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2004-1166

Description: CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

CVE Status: Candidate

References: XF http://xforce.iss.net/xforce/xfdb/18384 ST 1012444 SAID Secunia Advisory: SA13404 Secunia Advisory: SA29346 OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:462 OSVDB 12299 MS http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx MISC http://www.rapid7.com/advisories/R7-0032.jsp BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/489500/100/0/threaded http://marc.theaimsgroup.com/?l=bugtraq&m=110253463305359&w=2 BID 28208 11826

Return to the previous page.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Microsoft Windows XP I2O Utility Filter Driver Privilege Escalation

2.	Internet Explorer "DisableCaching OfSSLPages" Weakness

3.	HP-UX ftp Server Unspecified Denial of Service

4.	Microsoft Windows CE Image Processing Vulnerabilities

5.	Sun Solaris Print Service Unspecified Vulnerabilities

6.	Red Hat Directory Server Regular Expression Handler Buffer Overflow

7.	Pngcrush libpng Unknown Chunk Processing Uninitialized Memory Access

8.	SUSE Update for Multiple Packages

9.	Fedora update for cups

10.	Sarg Multiple Unspecified Buffer Overflows