Albert Puigsech Galicia has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an input validation error in the handling
of FTP file transfers. A malicious FTP server can exploit this to create
files in arbitrary locations via directory traversal attacks by tricking a user
into downloading malicious files (e.g. by dragging or copying a file or folder).
The vulnerability has been confirmed on a fully patched system with Internet
Explorer 6.0 and Microsoft Windows 2000 SP4 / XP SP1.
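As an added illustration of the missing validation (not code from the advisory or from Microsoft), the Python sketch below shows the check an FTP client needs before writing a server-supplied name to disk. The names `safe_local_path`, `filter_listing` and the sample listing are constructed for this example.

```python
import os

class UnsafeRemoteName(ValueError):
    """A server-supplied name that would land outside the download directory."""

def safe_local_path(download_dir, remote_name):
    """Map a name from an FTP listing to a path under download_dir, or raise."""
    # A Windows client resolves "\" as well as "/", so split on both.
    if remote_name.startswith(("/", "\\")):
        raise UnsafeRemoteName("absolute path: %r" % remote_name)
    clean = []
    for part in remote_name.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        # ".." climbs out of the target; ":" covers drive letters (C:) and
        # NTFS alternate data streams; NUL truncates names in C APIs.
        if part == ".." or ":" in part or "\x00" in part:
            raise UnsafeRemoteName("unsafe component %r in %r" % (part, remote_name))
        clean.append(part)
    if not clean:
        raise UnsafeRemoteName("empty name: %r" % remote_name)
    base = os.path.realpath(download_dir)
    target = os.path.realpath(os.path.join(base, *clean))
    # Final containment check after symlinks are resolved.
    if os.path.commonpath([base, target]) != base:
        raise UnsafeRemoteName("escapes download directory: %r" % remote_name)
    return target

def filter_listing(download_dir, names):
    """Split a server listing into accepted local paths and rejected names."""
    accepted, rejected = [], []
    for name in names:
        try:
            accepted.append(safe_local_path(download_dir, name))
        except UnsafeRemoteName:
            rejected.append(name)
    return accepted, rejected

# Constructed sample listing, as a hostile server might return it.
SAMPLE_LISTING = ["readme.txt", "docs/guide.txt", "..\\..\\outside.txt",
                  "../outside.txt", "C:\\outside.txt", "/outside.txt"]

if __name__ == "__main__":
    ok, bad = filter_listing("downloads", SAMPLE_LISTING)
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejecting a name outright, rather than silently stripping the `..` components, keeps the decision visible to the user and to logs.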
SOFTWARE:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
SOLUTION:
The vulnerability does not affect systems running Windows XP with SP2 installed.
Do not download files from untrusted FTP servers.
PROVIDED AND/OR DISCOVERED BY:
Albert Puigsech Galicia
ORIGINAL ADVISORY:
http://www.7a69ezine.org/node/view/176
VERIFY ADVISORY:
http://secunia.com/advisories/13704/
Secunia Security Advisories