Internet Explorer FTP Command Injection

Latest News
Airline: New Virus Infections- WARNING Microsoft Warns of Word attack Backup Your Information! Daylight Saving Howto & Warning Storm Virus Provide Spammers New Exploited PC

Popular
Installing Skype on Ubuntu Linux MarshallS/TJ Max Security Breach Secure Hard Disk Erasing Terms and Conditions Reseting the TCP/IP stack on an MS XP with NETSH command

Affect IE version 6.0 on Windows 2000/XP

IE supports URLs beginning with "ftp://". IE's FTP URL handler decodes hex-encoded characters such as "%0a" and "%20". It is therefore possible to inject FTP commands in a URL using the hex-encoded newline and space characters.

Status: Microsoft not confirmed, no patches available.

References:
Posting by Albert Galicia
Securityfocus.com
SecurityFocus BID
Securityfocus.com