CVE-2007-0217

Name of the Vulnerable Software and Affected Versions Microsoft Internet Explorer versions 5.01 through 6

Description A remote code execution issue exists in the way Internet Explorer interprets certain responses from FTP servers. An attacker could exploit this by sending specially crafted FTP responses in an FTP session to the FTP client included in Internet Explorer. This could allow an attacker to gain the same user rights as the local user. Users with fewer user rights on the system could be less impacted than users operating with administrative user rights.

Recommendations For Microsoft Internet Explorer versions 5.01 through 6, consider restricting access to FTP servers until a patch is available. As a temporary workaround, avoid using the FTP client functionality in Internet Explorer until the issue is resolved.