CVE-2004-1166

Published: Dec 31, 2004Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Affected (3)

Products: Microsoft: Ie, Internet Explorer

2 products

Internet Explorer

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Microsoft Ie	Version 6.0 sp1
Microsoft Ie	Version 6.0 sp2
Microsoft Internet Explorer	Version 6.0

Related CWEs

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (28)

http://marc.info/?l=bugtraq&m=110253463305359&w=2

Source: cve@mitre.org

http://secunia.com/advisories/13404

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29346

Source: cve@mitre.org

Vendor Advisory

http://securitytracker.com/id?1012444

Source: cve@mitre.org

http://www.osvdb.org/12299

Source: cve@mitre.org

http://www.rapid7.com/advisories/R7-0032.jsp

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/489500/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/11826

Source: cve@mitre.org

ExploitVendor Advisory

http://www.securityfocus.com/bid/28208

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/3212

Source: cve@mitre.org

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0870

Source: cve@mitre.org

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/18384

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=110253463305359&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/13404

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/29346

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1012444

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/12299

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.rapid7.com/advisories/R7-0032.jsp

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/489500/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/11826

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitVendor Advisory

http://www.securityfocus.com/bid/28208

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2006/3212

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.vupen.com/english/advisories/2008/0870

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/18384

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.