HTTP: Internet Explorer FTP Handler Remote Command Execution
This signature detects the download of a malicious Web page containing a malformed FTP URL. This URL can cause Microsoft Internet Explorer to execute additional commands on a remote FTP server without the user's knowledge.
Extended Description
Microsoft Internet Explorer is reported prone to an arbitrary FTP server command-execution vulnerability. This issue is due to the application's failure to properly sanitize user-supplied URI input before using it to execute FTP commands on remote servers. This vulnerability allows attackers to embed arbitrary FTP server commands in malicious URIs. Upon following this malicious URI, the victim user's browser will reportedly connect to the attacker-specified FTP server, and the malicious commands will be sent to the server. This may allow malicious files to be downloaded to the victim's computer without their knowledge. Other attacks are also likely possible. Note: Reportedly, this issue can be leveraged to send email to arbitrary addresses without user interaction.
Affected Products
Nortel_networks callpilot
Short Name
HTTP:STC:IE:IE-FTP-CMD
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2004-1166 Command Execution Explorer FTP Handler Internet Remote bid:11826
Release Date
01/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Nortel_networks
Microsoft
CVSS Score
7.5