Web.Browser.URL.Arbitrary.FTP.Command.Execution
Description
This indicates an attempt to exploit an arbitrary FTP command execution vulnerability in several web browsers.
The browsers fail to properly sanitize user input in the URI section of an FTP request when the request is appended with encoded characters such as %0d and %0a (carriage return and line feed). An attacker may host a malicious web page containing a specially constructed URL that points to an FTP server under the attacker's control. Once a victim clicks the malicious link, arbitrary FTP commands are sent to the FTP server automatically. This may lead to arbitrary files being downloaded to the victim's computer without the victim's knowledge, and may also enable further attacks that leverage other vulnerabilities.
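The check a URL handler or proxy filter can apply before an FTP link is followed, as an added example that is not part of the original advisory or any vendor's patch: it flags CR, LF and NUL bytes in an ftp:// URL, whether raw or percent-encoded. The function names, the decode-round limit and the sample URLs are assumptions made for illustration, and the check goes beyond the URI section named above by also covering the userinfo and host parts and nested encodings such as %250A.

```python
from urllib.parse import unquote_to_bytes

# Bytes that end or corrupt a command line on the FTP control channel.
CONTROL = {0x0D: "CR", 0x0A: "LF", 0x00: "NUL"}
MAX_ROUNDS = 3  # assumption: enough to catch nested forms such as %250d


def _decode_rounds(text):
    """Yield text as bytes: raw, then after each of MAX_ROUNDS decode rounds."""
    data = text.encode("utf-8", "surrogateescape")
    yield data
    for _ in range(MAX_ROUNDS):
        data = unquote_to_bytes(data)
        yield data


def split_ftp_url(url):
    """Split an ftp:// URL by hand; return None for any other scheme."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.strip().lower() != "ftp":
        return None
    authority, _, path = rest.partition("/")
    userinfo, at, host = authority.rpartition("@")
    return {"userinfo": userinfo if at else "", "host": host, "path": path}


def ftp_url_findings(url):
    """Return [(component, byte_name), ...]; empty means nothing was found."""
    findings = []
    for name, value in (split_ftp_url(url) or {}).items():
        seen = set()
        for data in _decode_rounds(value):
            seen.update(CONTROL[b] for b in data if b in CONTROL)
        findings.extend((name, c) for c in sorted(seen))
    return findings


# Constructed sample URLs (example.test is a reserved test domain).
SAMPLES = [
    "ftp://ftp.example.test/pub/readme.txt",
    "ftp://ftp.example.test/pub/readme.txt%0d%0aNOOP",
    "FTP://ftp.example.test/pub%250Areadme",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", ftp_url_findings(sample) or "clean")
```

The URL is split by hand rather than with `urlsplit` because recent Python versions strip raw CR, LF and tab characters during parsing, which would hide exactly the bytes this check looks for.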
Affected Products
Microsoft Internet Explorer 6.0, SP1, and SP2.
KDE 3.x
KDE Kdelibs 3.x
KDE Konqueror 3.x
Impact
System compromise.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2021-01-13 | 16.997 | Sig Added |