TITLE:
Microsoft Windows FTP Client Filename Validation Vulnerability

SECUNIA ADVISORY ID:
SA17163

VERIFY ADVISORY:
http://secunia.com/advisories/17163/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused by an error in the Windows FTP client when
validating the name of a downloaded file. This can be exploited to
write files into arbitrary locations on an affected system.

Successful exploitation requires that the user is, for example, tricked
into downloading a file with a specially crafted filename from an FTP
server.

The vulnerability may be related to:
SA13704

SOLUTION:
Apply patches.

Microsoft Windows XP (requires Service Pack 1):
http://www.microsoft.com/downloads/details.aspx?FamilyId=351C63A3-AB62-418D-8678-3AF791D73A29

Microsoft Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4940CF64-E1FD-4E88-8980-3106BE03BF12

Microsoft Windows Server 2003 (Itanium):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B715147B-DE2D-4F14-9548-AFF18641D0F3

Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 (requires Service Pack 4):
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCEA60E5-9EA8-4216-BA4D-C85054892DBB

ORIGINAL ADVISORY:
MS05-044 (KB905495):
http://www.microsoft.com/technet/security/Bulletin/MS05-044.mspx

OTHER REFERENCES:
SA13704:
http://secunia.com/advisories/13704
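
The advisory does not say how the filename is crafted. As an added example (not Microsoft's patch and not code from the advisory), the Python below shows the validation a download client can apply to a server-supplied filename before writing it, assuming the risk is a name that carries path meaning on Windows. The names `safe_download_path`, `audit`, `UnsafeFilename` and the sample filenames are hypothetical.

```python
import ntpath  # Windows path rules; importable on any OS

# Reserved DOS device names that Win32 resolves regardless of extension.
RESERVED = {"CON", "PRN", "AUX", "NUL"} | {
    f"{p}{n}" for p in ("COM", "LPT") for n in range(1, 10)}

class UnsafeFilename(ValueError):
    """A server-supplied name that must not be used as a local filename."""

def safe_download_path(download_dir, server_name):
    """Map an untrusted filename to a path directly inside download_dir."""
    if not server_name or server_name in (".", ".."):
        raise UnsafeFilename("empty or relative-directory name")
    # Separators and ':' (drive letters, alternate data streams) give a name
    # path meaning; control characters are never valid in a Windows filename.
    if any(c in "/\\:" or ord(c) < 32 for c in server_name):
        raise UnsafeFilename("path or control character in name")
    # Win32 strips trailing dots and spaces, so the name that gets stored
    # would differ from the name that was checked.
    if server_name != server_name.rstrip(". "):
        raise UnsafeFilename("trailing dot or space")
    if server_name.split(".")[0].upper() in RESERVED:
        raise UnsafeFilename("reserved device name")
    # Defence in depth: resolve the final path and confirm that its parent
    # is exactly the download directory.
    base = ntpath.normpath(download_dir)
    target = ntpath.normpath(ntpath.join(base, server_name))
    if ntpath.normcase(ntpath.dirname(target)) != ntpath.normcase(base):
        raise UnsafeFilename("resolved path leaves the download directory")
    return target

def audit(download_dir, names):
    """Return {name: local path or rejection reason} for a batch of names."""
    results = {}
    for name in names:
        try:
            results[name] = safe_download_path(download_dir, name)
        except UnsafeFilename as exc:
            results[name] = f"REJECTED: {exc}"
    return results

# Constructed sample names, as an untrusted server's listing might return them.
SAMPLES = ["report.txt", "..\\..\\elsewhere\\file.txt", "../file.txt",
           "C:file.txt", "notes.txt:stream", "NUL.txt", "readme. "]

if __name__ == "__main__":
    for name, outcome in audit(r"C:\Downloads", SAMPLES).items():
        print(f"{name!r:32} -> {outcome}")
```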