Bugtraq mailing list archives
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
From: "HACKPL - bugtraq/sapheal" <sapheal () hack pl>
Date: Tue, 16 Jan 2007 23:33:00 +0100
So it could be remotely exploitable after all. On the other hand, most people don't tell their browsers to open up a separate application to handle ftp:// links.
I agree. It could be exploited in the aforementioned way(but: WS_FTP is not registered to handle FTP protocol by default). Now I am thinking of something else. Could we use a specially crafted FHF file to exploit the vulnerability? I haven't checked that yet.
Michal Bucko (sapheal)
Current thread:
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability sapheal (Jan 12)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability 3APA3A (Jan 15)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Eliah Kagan (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability HACKPL - bugtraq/sapheal (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability Eliah Kagan (Jan 16)
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability 3APA3A (Jan 15)