A vulnerability in the way Microsoft Internet Explorer handles responses from FTP servers may lead to execution of arbitrary code.
Microsoft Internet Explorer contains an unspecified vulnerability that could be exploited when it attempts to interpret responses from FTP servers. According to Microsoft Security Bulletin MS07-016:
When Internet Explorer handles specially crafted FTP server responses it may corrupt system memory in such a way that an attacker could execute arbitrary code.
A remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the user who is running the vulnerable application or cause a denial-of-service condition.
Microsoft has released an update to address this issue. See Microsoft Security Bulletin MS07-016 for more details.
Do not follow unsolicited links
This vulnerability was reported in Microsoft Security Bulletin MS07-016. Microsoft credits iDefense for reporting this issue.
This document was written by Chris Taschner.
|Date First Published:||2007-02-20|
|Date Last Updated:||2007-02-23 13:57 UTC|