Well, looks like there is a newly discovered bug in Microsoft Internet Explorer that could impact folks using their browsers for FTP.
“A flaw in the way Microsoft’s Internet Explorer browser processes FTP commands could let attackers steal or erase data from a victim’s FTP site.
The bug, which affects users of IE 6 and the unsupported IE 5 browser, gives an attacker a way of hijacking the victim’s FTP sessions. But a successful attack would be very hard to pull off and would only work in very precise, targeted attacks, security experts said.
The attacker would need to know the victim’s username on the FTP server and the victim would have to already be logged into the server, using IE. Under those conditions, the victim could be sent a malicious FTP link that would then execute commands on the victim’s FTP server.”
Of course, I’m tempted to point out that this flaw is reportedly almost identical to a similar bug that was identified and fixed in 2006….

No related posts.