TITLE: Microsoft Windows FTP Client Filename Validation Vulnerability SECUNIA ADVISORY ID: SA17163
VERIFY ADVISORY: http://secunia.com/advisories/17163/ CRITICAL: Moderately critical IMPACT: System access WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ SOFTWARE: Microsoft Internet Explorer 6.x http://secunia.com/product/11/ DESCRIPTION: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the Windows FTP client in validating the name of a downloaded file. This can be exploited to write files into arbitrary locations on an affected system. Successful exploitation requires that the user is e.g. tricked into downloading a file with a specially-crafted filename from an FTP server. The vulnerability may be related to: SA13704 SOLUTION: Apply patches. Microsoft Windows XP (requires Service Pack 1): http://www.microsoft.com/downloads/details.aspx?FamilyId=351C63A3-AB62-418D-8678-3AF791D73A29 Microsoft Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?FamilyId=4940CF64-E1FD-4E88-8980-3106BE03BF12 Microsoft Windows Server 2003 (Itanium): http://www.microsoft.com/downloads/details.aspx?FamilyId=B715147B-DE2D-4F14-9548-AFF18641D0F3 Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 (requires Service Pack 4): http://www.microsoft.com/downloads/details.aspx?FamilyId=FCEA60E5-9EA8-4216-BA4D-C85054892DBB ORIGINAL ADVISORY: MS05-044 (KB905495): http://www.microsoft.com/technet/security/Bulletin/MS05-044.mspx OTHER REFERENCES: SA13704: http://secunia.com/advisories/13704 ============= PCWorks Mailing List ================= Don't see your post? Check our posting guidelines & make sure you've followed proper posting procedures, http://pcworkers.com/rules.htm Contact list owner <[EMAIL PROTECTED]> Unsubscribing and other changes: http://pcworkers.com =====================================================
