CVE-2008-1368 — Code Injection in Microsoft Internet Explorer
Severity
4.3MEDIUMNVD
EPSS
23.1%
top 4.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMar 18
Latest updateMay 1
Description
CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an exi…
CVSS vector
AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9
Affected Packages1 packages
🔴Vulnerability Details
1GHSA▶
GHSA-3jq6-fx9w-pjqj: CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that c↗2022-05-01