Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
On 1/14/07, 3APA3A wrote:
Pretending this vulnerability IS exploitable, what is security impact
from it? What can you achieve by exploiting this vulnerability you cant
archive without it?
This is a very relevant question, as it appears from the description
that the vulnerability *is* exploitable--for instance if WS_FTP 2007
handles ftp:// URLs (in whatever browser the user is using) and the
user clicks a link with a specially crafted, really long ftp:// URL
(or if the user is told to paste in a ftp:// link and follows the
instructions). That it is not remotely exploitable in some ways does
not necessarily prevent it from being exploitable by an automatic,
off-site mechanism (e.g. a link on a website) in other, more basic
ways requiring simple user interaction. So it could be remotely
exploitable after all.
On the other hand, most people don't tell their browsers to open up a
separate application to handle ftp:// links.
-Eliah