VYPR
Unrated severityNVD Advisory· Published Mar 18, 2008· Updated Jun 16, 2026

CVE-2008-1368

CVE-2008-1368

Description

CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded CRLF (%0D%0A) before the FTP command, which causes the commands to be inserted into an authenticated FTP connection established earlier in the same browser session, as demonstrated using a DELE command, a variant or possibly a regression of CVE-2004-1166. NOTE: a trailing "//" can force Internet Explorer to try to reuse an existing authenticated connection.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:microsoft:internet_explorer:5:*:*:*:*:*:*:*
    • cpe:2.3:a:microsoft:internet_explorer:6:*:*:*:*:*:*:*
    • (no CPE)range: 5, 6

Patches

Vulnerability mechanics

References

6

News mentions

0

No linked articles in our index yet.