MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

This script is Copyright (C) 2005-2017 Tenable Network Security, Inc.

Synopsis :

A flaw in the FTP client installed on the remote host could allow a
rogue FTP server to write to arbitrary locations on the remote host.

Description :

The remote host contains a version of the Microsoft FTP client that
contains a flaw in the way it handles FTP download. An attacker could
exploit this flaw to modify the destination location for files
downloaded via FTP.

To exploit this flaw an attacker would need to set up a rogue FTP server
and have a victim on the remote host connect to it and download a file
manually using the affected client.

See also :

Solution :

Microsoft has released a set of patches for Windows 2000, XP and

Risk factor :

Low / CVSS Base Score : 2.6
CVSS Temporal Score : 2.1
Public Exploit Available : true

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 19997 ()

Bugtraq ID: 12160

CVE ID: CVE-2005-2126

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now