CVE-2007-4356 Information

Description

Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session which allows context-dependent attackers to obtain sensitive information by reading the HTML source as demonstrated by a (1) .htm (2) .html or (3) .mht file.

Reference

http://blog.washingtonpost.com/securityfix/2007/08/ftp_files_expose_web_site_cred.html http://osvdb.org/36400 http://secunia.com/advisories/26427