Internet Explorer Vulnerability
Written by Rebecca Mints
Wednesday, 12 March 2008 16:57
Rapid7 employee Derek Abdine has discovered an FTP command injection vulnerability in Internet Explorer. The flaw is an input validation error in the way IE processes FTP URIs: a carefully crafted FTP URI that contains CRLF character sequences and trailing slashes can inject arbitrary FTP commands into an FTP session.
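A defender-side check for the pattern described above, as an added example that is not part of the original article or the advisory: it scans page markup for ftp:// URIs whose percent-decoded form contains CR or LF. The sample markup, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

# FTP control-channel commands are terminated by CRLF (RFC 959), so these
# bytes should never appear in a decoded ftp:// URI.
LINE_BREAKS = {0x0D: "CR", 0x0A: "LF"}
FTP_URI = re.compile(r"""ftp://[^"'<>\s]+""", re.IGNORECASE)


def line_breaks_in(uri, max_rounds=2):
    """Return sorted names of line-break bytes found in the URI.

    The raw string is checked first, then percent-decoding is applied up to
    max_rounds times so a doubly encoded sequence such as %250D is caught.
    """
    data = uri.encode("utf-8")
    found = set()
    for _ in range(max_rounds + 1):
        found.update(name for byte, name in LINE_BREAKS.items() if byte in data)
        decoded = unquote_to_bytes(data)
        if decoded == data:  # nothing left to decode
            break
        data = decoded
    return sorted(found)


def scan_html(html):
    """Return (uri, findings) for each ftp:// URI that decodes to CR or LF."""
    hits = []
    for match in FTP_URI.finditer(html):
        uri = match.group(0)
        findings = line_breaks_in(uri)
        if findings:
            hits.append((uri, findings))
    return hits


# Constructed sample page; hosts and paths are placeholders.
SAMPLE_HTML = """
<a href="ftp://ftp.example.test/pub/readme.txt">plain link</a>
<img src="ftp://ftp.example.test/a%0D%0APLACEHOLDER%0D%0A//">
<a href="ftp://ftp.example.test/b%250APLACEHOLDER/">double-encoded</a>
"""

if __name__ == "__main__":
    for uri, findings in scan_html(SAMPLE_HTML):
        print(findings, uri)
```

The same function can be applied to URLs taken from proxy or mail-gateway logs; HTML character references such as `&#13;` are not decoded by this check.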
To exploit the vulnerability, an attacker must lure a user into browsing a malicious website. IE version 6.0.2900.2180 is confirmed to be vulnerable, and the issue has also been reported in version 5. Other versions may also be susceptible. No patch is currently available. The suggested solution is to upgrade to IE 7 and to be wary of untrusted websites.

REFERENCES: Secunia.com