VYPR
Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026

CVE-2004-1166

CVE-2004-1166

Description

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Microsoft/Ie2 versions
    cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:ie:6.0:sp1:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:ie:6.0:sp2:*:*:*:*:*:*
  • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:microsoft:internet_explorer:6.0:*:*:*:*:*:*:*
    • (no CPE)range: <=6.0.2800.1106

Patches

Vulnerability mechanics

References

14

News mentions

0

No linked articles in our index yet.