Intrusion PreventionWeb.Browser.URL.Arbitrary.FTP.Command.Execution
Description
This indicates an attempt to exploit an arbitrary FTP command execution vulnerability in several web browsers.
The browsers fail to properly sanitize user input in the URI section of an FTP request, if the request is appended with characters like %0d and %0a. An attacker may plant a malicious Web page containing a specially constructed URL that points to an FTP server under attacker control. Arbitrary FTP commands will be sent to the FTP server automatically once the malicious link is clicked by a victim. This may lead to arbitrary files being downloaded to the victim's computer without the victim's knowledge, and also may allow other attacks by leveraging other vulnerabilities.
Affected Products
Microsoft Internet Explorer 6.0, SP1, and SP2.
KDE 3.x
KDE Kdelibs 3.x
KDE Konqueror 3.x
Impact
System compromise.
Recommended Actions
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2021-01-13 | 16.997 | Sig Added |
| ID | 12514 |
| Created | Sep 11, 2006 |
| Updated | Jun 09, 2022 |
| Risk |
|
| CVE ID | CVE-2004-1166 CVE-2004-1165 |
| Exploit Prediction Score | 96.78% |
| Default Action | drop |
| Active | |
| Affected OS | Linux |
| Affected App | Other |