This indicates an attempt to exploit an arbitrary FTP command execution vulnerability in several web browsers.
The browsers fail to properly sanitize user input in the URI section of an FTP request, if the request is appended with characters like %0d and %0a. An attacker may plant a malicious Web page containing a specially constructed URL that points to an FTP server under attacker control. Arbitrary FTP commands will be sent to the FTP server automatically once the malicious link is clicked by a victim. This may lead to arbitrary files being downloaded to the victim's computer without the victim's knowledge, and also may allow other attacks by leveraging other vulnerabilities.
Microsoft Internet Explorer 6.0, SP1, and SP2.
KDE Kdelibs 3.x
KDE Konqueror 3.x
Apply the appropriate patch from the vendor or upgrade to a non-vulnerable version.