CVE-2004-1166

Microsoft IE - Code Injection

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1166. PoCs published by Albert Puigsech Galicia.

AI-analyzed exploit summary This exploit leverages a URI sanitization flaw in Microsoft Internet Explorer to inject arbitrary FTP commands, allowing attackers to execute commands like PORT and RETR or send emails via SMTP without user interaction.

Description

CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Albert Puigsech Galicia · textremotewindows

https://www.exploit-db.com/exploits/24800

View Code ZIP pw:eip

This exploit leverages a URI sanitization flaw in Microsoft Internet Explorer to inject arbitrary FTP commands, allowing attackers to execute commands like PORT and RETR or send emails via SMTP without user interaction.

Classification

Working Poc 90%

Attack Type

Other

Complexity

Trivial

Reliability

Reliable

Target: Microsoft Internet Explorer (versions affected in 2004)

No auth needed

Prerequisites: Victim must visit a malicious URI or webpage containing the exploit

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (14)

Core 14

Core References

Third Party Advisory x_refsource_misc

http://www.rapid7.com/advisories/R7-0032.jsp

Vendor Advisory vendor-advisory x_refsource_ms

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-042

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/489500/100/0/threaded

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=110253463305359&w=2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/29346

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/11826

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/18384

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2006/3212

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/28208

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2008/0870

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/12299

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A462

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/13404

Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/id?1012444

Scores

EPSS 0.3916

EPSS Percentile 98.4%

Details

CWE

CWE-94

Status published

Products (2)

microsoft/ie 6.0 sp1 (2 CPE variants)

microsoft/internet_explorer 6.0

Published Dec 31, 2004

Tracked Since Feb 18, 2026