Bugtraq mailing list archives
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
From: "Eliah Kagan" <degeneracypressure () gmail com>
Date: Tue, 16 Jan 2007 15:41:12 -0500
On 1/14/07, 3APA3A wrote:
Pretending this vulnerability IS exploitable, what is security impact from it? What can you achieve by exploiting this vulnerability you cant archive without it?
This is a very relevant question, as it appears from the description that the vulnerability *is* exploitable--for instance if WS_FTP 2007 handles ftp:// URLs (in whatever browser the user is using) and the user clicks a link with a specially crafted, really long ftp:// URL (or if the user is told to paste in a ftp:// link and follows the instructions). That it is not remotely exploitable in some ways does not necessarily prevent it from being exploitable by an automatic, off-site mechanism (e.g. a link on a website) in other, more basic ways requiring simple user interaction. So it could be remotely exploitable after all. On the other hand, most people don't tell their browsers to open up a separate application to handle ftp:// links. -Eliah
Current thread:
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability sapheal (Jan 12)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability 3APA3A (Jan 15)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Eliah Kagan (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability HACKPL - bugtraq/sapheal (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Eliah Kagan (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability 3APA3A (Jan 15)