CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. for Internet Explorer (KB918899) x86 based systems for SP1
Severity: Important
Exploits: Not available
CVE ID: CVE-2004-1166, CVE-2006-3280, CVE-2006-3450, CVE-2006-3451, CVE-2006-3637, CVE-2006-3638, CVE-2006-3639, CVE-2006-3640, CVE-2006-3869, CVE-2006-3873
CVSS: 2.08 (I:P/AV:N/Au:N/AC:L/A:P/C:P)
Solution:
Published Date: 08/08/2006
Updated Date: 08/08/2006
