Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability

To: "Eliah Kagan" <degeneracypressure@xxxxxxxxx>
Subject: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
From: "HACKPL - bugtraq/sapheal" <sapheal@xxxxxxx>
Date: Tue, 16 Jan 2007 23:33:00 +0100
Cc: <bugtraq@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <123277447245a81130006049.47954328.Active.mail@xxxxxxxxxxxxxxx> <802385179.20070115010302@xxxxxxxxxxxxxxxx> <3da3d8310701161241u159af35axef000281019959d5@xxxxxxxxxxxxxx>

So it could be remotely
exploitable after all.

On the other hand, most people don't tell their browsers to open up a
separate application to handle ftp:// links.

I agree. It could be exploited in the aforementioned way(but: WS_FTP is notregistered to handle FTP protocol by default). Now I am thinking ofsomething else. Could we use a specially crafted FHF file to exploit thevulnerability? I haven't checked that yet.

Michal Bucko (sapheal)

References:
- Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
  - From: sapheal
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
  - From: 3APA3A
- Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
  - From: Eliah Kagan

Prev by Date: [ MDKSA-2007:014 ] - Updated bluez-utils packages fix hidd vulnerability
Next by Date: [ GLSA 200701-11 ] Kronolith: Local file inclusion
Previous by thread: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Next by thread: PHP-Nuke <= 7.9 Old-Articles Block "cat" SQL Injection vulnerability
Index(es):
- Date
- Thread