[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <802385179.20070115010302@SECURITY.NNOV.RU>
Date: Mon, 15 Jan 2007 01:03:02 +0300
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: sapheal@...k.pl
Cc: bugtraq@...urityfocus.com
Subject: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Dear sapheal@...k.pl,
shp> conditions. However, as the issue involves the control that is not
shp> marked safe for scripting nor for initialization, it cannot be
shp> exploited remotely. Moreover, as for know I have not proved it is
shp> exploitable.
shp> Unhandled exception at 0x7c840a81 in wsftpurl.exe:
shp> 0xC0000005: Access violation reading location 0x41414141.
shp> In order to analyze the vulnerability one might execute
shp> wsftpurl.exe with a long argument.
Pretending this vulnerability IS exploitable, what is security impact
from it? What can you achieve by exploiting this vulnerability you cant
archive without it?
--
~/ZARAZA
http://www.security.nnov.ru/
Reasoning depends upon programming, not on hardware and we are the
ultimate program! (Frank Herbert).
Powered by blists - more mailing lists