What is CVE-2004-1166?

CVE-2004-1166 is a vulnerability in N/a. Published 2004-12-10.

Is CVE-2004-1166 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2004-1166

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which cau…

EPSS: 0.661 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.rapid7.com/advisories/R7-0032.jsp (x_refsource_MISC)
MS06-042 (x_refsource_MS, vendor-advisory)
20080313 Rapid7 Advisory R7-0032: Microsoft Internet Explorer FTP Command Injection Vulnerability (mailing-list, x_refsource_BUGTRAQ)
20041207 7a69Adv#15 - Internet Explorer FTP command injection (mailing-list, x_refsource_BUGTRAQ)
29346 (x_refsource_SECUNIA, third-party-advisory)
11826 (vdb-entry, x_refsource_BID)
web-browser-ftp-command-execution(18384) (vdb-entry, x_refsource_XF)
ADV-2006-3212 (vdb-entry, x_refsource_VUPEN)
28208 (vdb-entry, x_refsource_BID)
ADV-2008-0870 (vdb-entry, x_refsource_VUPEN)

Frequently asked questions

What is CVE-2004-1166?: CVE-2004-1166 is a vulnerability in N/a. Published 2004-12-10.
Is CVE-2004-1166 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.