MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

This script is Copyright (C) 2005-2013 Tenable Network Security, Inc.


Synopsis :

A flaw in the FTP client installed on the remote host could allow a
rogue FTP server to write to arbitrary locations on the remote host.

Description :

The remote host contains a version of the Microsoft FTP client that
contains a flaw in the way it handles FTP download. An attacker could
exploit this flaw to modify the destination location for files
downloaded via FTP.

To exploit this flaw an attacker would need to set up a rogue FTP server
and have a victim on the remote host connect to it and download a file
manually using the affected client.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms05-044

Solution :

Microsoft has released a set of patches for Windows 2000, XP and
2003.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)
CVSS Temporal Score : 2.1
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 19997 ()

Bugtraq ID: 12160

CVE ID: CVE-2005-2126