Microsoft Internet Explorer FTP response code execution (FTP_Bad_Response_Overflow)

About this signature or vulnerability

RealSecure Network, RealSecure Server Sensor, BlackICE PC Protection, BlackICE Server Protection, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Desktop, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, Virtual Server Protection for Vmware:

This signature detects specially-crafted server response messages that can overflow a buffer in Microsoft Internet Explorer and allow remote code execution.

This signature dectects invalid server response messages.

Default risk level

 High

Sensors that have this signature

RealSecure Network: XPU 24.56, RealSecure Server Sensor: XPU 24.56, BlackICE PC Protection: 3.6cqb, BlackICE Server Protection: 3.6.cqb, Proventia Network MFS: XPU 1.95, IBM Security Server Protection for Windows: 1.0.914.1960, IBM Security Server Protection for Windows: 2.1.14.2400, Proventia-G 1.1 and earlier: XPU 24.56, Proventia Network IDS: XPU 24.56, RealSecure Desktop: eqb, Proventia Server IPS for Linux technology: 1.95, Proventia Network IPS: XPU 1.95, Proventia Desktop: 1960, Virtual Server Protection for Vmware: 1.0

Systems affected

Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Internet Explorer: 5.01 SP4, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: Itanium, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Internet Explorer: 7.0

Type

Unauthorized Access Attempt

Vulnerability description

How to remove this vulnerability

References