Intrusion Prevention

Web.Browser.URL.Arbitrary.FTP.Command.Execution

Description

This indicates an attempt to exploit an arbitrary FTP command execution vulnerability in several web browsers.
The browsers fail to properly sanitize user input in the URI section of an FTP request, if the request is appended with characters like %0d and %0a. An attacker may plant a malicious Web page containing a specially constructed URL that points to an FTP server under attacker control. Arbitrary FTP commands will be sent to the FTP server automatically once the malicious link is clicked by a victim. This may lead to arbitrary files being downloaded to the victim's computer without the victim's knowledge, and also may allow other attacks by leveraging other vulnerabilities.

Affected Products

Microsoft Internet Explorer 6.0, SP1, and SP2.
KDE 3.x
KDE Kdelibs 3.x
KDE Konqueror 3.x

Impact

System compromise.

Recommended Actions

Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.

CVE References

CVE-2004-1165 CVE-2004-1166