MS05-044: Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)
Low Nessus Plugin ID 19997
SynopsisA flaw in the FTP client installed on the remote host could allow a rogue FTP server to write to arbitrary locations on the remote host.
DescriptionThe remote host contains a version of the Microsoft FTP client that contains a flaw in the way it handles FTP download. An attacker could exploit this flaw to modify the destination location for files downloaded via FTP.
To exploit this flaw an attacker would need to set up a rogue FTP server and have a victim on the remote host connect to it and download a file manually using the affected client.
SolutionMicrosoft has released a set of patches for Windows 2000, XP and 2003.