<<< Date Index >>>     <<< Thread Index >>>

Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability



So it could be remotely
exploitable after all.

On the other hand, most people don't tell their browsers to open up a
separate application to handle ftp:// links.


I agree. It could be exploited in the aforementioned way(but: WS_FTP is not registered to handle FTP protocol by default). Now I am thinking of something else. Could we use a specially crafted FHF file to exploit the vulnerability? I haven't checked that yet.

Michal Bucko (sapheal)