PDA

Visualizza versione completa : Internet Explorer FTP Download Directory Traversal


Giorgius
03-01-2005, 17.58.12
Albert Puigsech Galicia has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in the handling of FTP file transfers. This can be exploited by a malicious FTP server to create files in arbitrary locations via directory traversal attacks by tricking a user into downloading malicious files (e.g. by dragging or copying a file or folder).

Leggi: http://secunia.com/advisories/13704/