CVE-2005-2126 - Unspecified vulnerability in Microsoft products

CVSS 2.6 - LOW
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, high complexity, microsoft, nessus

Summary

The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.

Vulnerable Configurations

Part          Description   Count
Application   Microsoft     1
OS            Microsoft     3

Nessus

NASL family: Windows : Microsoft Bulletins
NASL id: SMB_NT_MS05-044.NASL
description: The remote host contains a version of the Microsoft FTP client that contains a flaw in the way it handles FTP download. An attacker could exploit this flaw to modify the destination location for files downloaded via FTP. To exploit this flaw an attacker would need to set up a rogue FTP server and have a victim on the remote host connect to it and download a file manually using the affected client.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19997
published: 2005-10-11
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19997
title: MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

Oval

  • accepted: 2014-02-24T04:00:09.447-05:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: John Hoyland
      organization: Centennial Software
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Maria Mikhno
      organization: ALTX-SOFT
    description: The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
    family: windows
    id: oval:org.mitre.oval:def:1146
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: FTP Download Destination Tampering Vulnerability (Windows 2000)
    version: 72
  • accepted: 2011-05-09T04:01:09.506-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    description: The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
    family: windows
    id: oval:org.mitre.oval:def:1284
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: FTP Download Destination Tampering Vulnerability (Server 2003)
    version: 66
  • accepted: 2011-05-16T04:00:56.983-04:00
    class: vulnerability
    contributors:
    • name: Robert L. Hollis
      organization: ThreatGuard, Inc.
    • name: Shane Shaffer
      organization: G2, Inc.
    • name: Sudhir Gandhe
      organization: Telos
    • name: Shane Shaffer
      organization: G2, Inc.
    description: The FTP client in Windows XP SP1 and Server 2003, and Internet Explorer 6 SP1 on Windows 2000 SP4, when "Enable Folder View for FTP Sites" is enabled and the user manually initiates a file transfer, allows user-assisted, remote FTP servers to overwrite files in arbitrary locations via crafted filenames.
    family: windows
    id: oval:org.mitre.oval:def:1416
    status: accepted
    submitted: 2005-10-12T12:00:00.000-04:00
    title: FTP Download Destination Tampering Vulnerability (Windows XP)
    version: 68