=====================================================================
                                  CERT-Renater

                       Note d'Information No. 2005/VULN613
_____________________________________________________________________

DATE                      : 12/10/2005

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Windows 2000, Windows XP, Windows Server 2003.

======================================================================

MS05-044 - Vulnerability in the Windows FTP Client Could Allow File
            Transfer Location and Tampering (905495)

   - Affected Software:
     - Windows 2000 Service Pack 4
     - Windows XP Service Pack 1
     - Windows Server 2003
     - Windows Server 2003 for Itanium-based Systems

     - Impact: Remote Code Execution
     - Version Number: 1.0

Full MS05-044 advisory:
http://www.microsoft.com/technet/security/bulletin/MS05-044.mspx


Vulnerability Details:

FTP Client Vulnerability - CAN-2005-2126:

A tampering vulnerability exists in the Windows FTP client. This vulnerability
could allow an attacker to modify the intended destination location for a file
transfer, when a client has manually chosen to transfer a file by using FTP.
This vulnerability could allow the attacker to write the file to any file
system that is located on an affected system.

======================================================================

         =========================================================
         Les serveurs de référence du CERT-Renater
         http://www.urec.fr/securite
         http://www.cru.fr/securite
         http://www.renater.fr
         =========================================================
         + CERT-RENATER          | tel : 01-53-94-20-44          +
         + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
         + 75013 Paris           | email: certsvp@renater.fr     +
         =========================================================