Intrusion Prevention

MS.IE.FTP.Web.View.XSS

Description

Microsoft Internet Explorer has a Cross-site scripting (XSS) vulnerability. A remote attacker could execute an arbitrary web script or HTML via the hostname portion of an FTP URL, when Internet Explorer is running on Windows 2000 with "Enable folder view for FTP sites" and "Enable Web content in folders" selected.

Affected Products

Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0

Impact

Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.microsoft.com

CVE References

CVE-2002-2062