Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 12 2007 10:52PM
sapheal hack pl (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 14 2007 10:03PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Dear sapheal (at) hack (dot) pl [email concealed],

shp> conditions. However, as the issue involves the control that is not
shp> marked safe for scripting nor for initialization, it cannot be
shp> exploited remotely. Moreover, as for know I have not proved it is
shp> exploitable.

shp> Unhandled exception at 0x7c840a81 in wsftpurl.exe:
shp> 0xC0000005: Access violation reading location 0x41414141.

shp> In order to analyze the vulnerability one might execute
shp> wsftpurl.exe with a long argument.

Pretending this vulnerability IS exploitable, what is security impact
from it? What can you achieve by exploiting this vulnerability you cant
archive without it?

--
~/ZARAZA
http://www.security.nnov.ru/
Reasoning depends upon programming, not on hardware and we are the
ultimate program! (Frank Herbert).

[ reply ]
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 08:41PM
Eliah Kagan (degeneracypressure gmail com) (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 10:33PM
HACKPL - bugtraq/sapheal (sapheal hack pl)


 

Privacy Statement
Copyright 2010, SecurityFocus