Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 12 2007 10:52PM
sapheal hack pl (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 14 2007 10:03PM
3APA3A (3APA3A SECURITY NNOV RU) (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 08:41PM
Eliah Kagan (degeneracypressure gmail com) (1 replies)
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Jan 16 2007 10:33PM
HACKPL - bugtraq/sapheal (sapheal hack pl)
> So it could be remotely
> exploitable after all.
>
> On the other hand, most people don't tell their browsers to open up a
> separate application to handle ftp:// links.

I agree. It could be exploited in the aforementioned way(but: WS_FTP is not
registered to handle FTP protocol by default). Now I am thinking of
something else. Could we use a specially crafted FHF file to exploit the
vulnerability? I haven't checked that yet.

Michal Bucko (sapheal)

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus