
Vulnerability in the Windows FTP Client Could Allow File Transfer Location Tampering (905495)

Article ID: 19997
Last updated: 27 Jan, 2009
Posted: 22 Jan, 2009 by Tech Pubs S.
Updated: 27 Jan, 2009 by Tech Pubs S.

This script is Copyright (C) 2005-2008 Tenable Network Security

Family: Windows : Microsoft Bulletins
Plugin ID: 19997
Bugtraq ID
CVE ID: CVE-2005-2126

Description:

Synopsis :

A flaw in the FTP client installed on the remote host may allow a rogue
FTP server to write to arbitrary locations on the remote host.

Description :

The remote host contains a version of the Microsoft FTP client that has
a flaw in the way it handles FTP downloads. An attacker may exploit this flaw
to modify the destination location for files downloaded via FTP.

To exploit this flaw, an attacker would need to set up a rogue FTP server
and have a victim on the remote host connect to it and download a file
manually.



Solution :

Microsoft has released a set of patches for Windows 2000, XP and 2003 :

http://www.microsoft.com/technet/security/bulletin/ms05-044.mspx

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)