header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
8.3
CVSS
HIGH
Microsoft Internet Explorer FTP Indexing
94
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 5.5
Affected Version To: Internet Explorer 6
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: a:microsoft:internet_explorer
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer FTP Indexing

When Internet Explorer FTP is used in 'Classic Mode', a malicious script code can be executed in the security zone of another FTP site. The script code will be executed with the permissions of the user running Internet Explorer.

Mitigation:

Users should disable the 'Classic Mode' of Internet Explorer FTP.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7810/info

The Microsoft Internet Explorer FTP indexing implementation could allow script code to be executed in the security zone of another FTP site. This vulnerability only exists when Internet Explorer FTP is used in "Classic Mode".

Any script would be executed with the permissions of the user running Internet Explorer. 

ftp://%3cimg%20src%3d%22%22%20onerror%3d%22alert%28document%2eURL%29%22%3e.example.com/

Navigation

Suggest Exploit

Services By CQR