|
Family: Windows : Microsoft Bulletins --> Category: infos
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495) Vulnerability Scan
Vulnerability Scan Summary Acertains the presence of update 905495
Detailed Explanation for this Vulnerability Test
Synopsis :
A flaw in the FTP client installed on the remote host may allow a rogue
FTP server to write to arbitrary locations on the remote host.
Description :
The remote host contains a version of the Microsoft FTP client which contains
a flaw in the way it handles FTP download. A possible hacker may exploit this flaw
to modify the destination location for files downloaded via FTP.
To exploit this flaw a possible hacker would need to set up a rogue FTP server
and have a victim on the remote host connect to it and download a file
manaully.
Solution :
Microsoft has released a set of patches for Windows 2000, XP and 2003 :
http://www.microsoft.com/technet/security/bulletin/ms05-044.mspx
Threat Level:
Low / CVSS Base Score : 3
(AV:R/AC:H/Au:NR/C:N/A:N/I:P/B:I)
Click HERE for more information and discussions on this network vulnerability scan.
|