Security Advisory

CVE-2004-1166

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2004-12-10 05:00:00

Last updated 2024-08-08 00:39:01

Assigner mitre

State PUBLISHED

Description

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

← Browse all CVEs View on cve.org ↗