lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Jan 2007 01:03:02 +0300
Subject: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability


shp> conditions.  However, as the issue involves the control that is not
shp> marked  safe  for  scripting  nor  for initialization, it cannot be
shp> exploited  remotely.  Moreover, as for know I have not proved it is
shp> exploitable.

shp> Unhandled exception at 0x7c840a81 in wsftpurl.exe:
shp> 0xC0000005: Access violation reading location 0x41414141.

shp> In order to analyze the vulnerability one might execute
shp> wsftpurl.exe with a long argument. 

Pretending  this  vulnerability  IS exploitable, what is security impact
from  it? What can you achieve by exploiting this vulnerability you cant
archive without it?

Reasoning  depends  upon  programming,  not  on  hardware and we are the
ultimate program! (Frank Herbert).

Powered by blists - more mailing lists