• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft File Transfer Manager Arbitrary File Upload/Download Vulnerability

The Microsoft File Transfer Manager (FTM) ActiveX control is used to allow beta test customers and others to download files from certain Microsoft sites.

The File Transfer Manager is vulnerable to man in the middle attacks. An attacker may be able to upload or download any file of their choosing to or from the system running FTM.