[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3da3d8310701161241u159af35axef000281019959d5@mail.gmail.com>
Date: Tue, 16 Jan 2007 15:41:12 -0500
From: "Eliah Kagan" <degeneracypressure@...il.com>
To: bugtraq@...urityfocus.com
Subject: Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
On 1/14/07, 3APA3A wrote:
> Pretending this vulnerability IS exploitable, what is security impact
> from it? What can you achieve by exploiting this vulnerability you cant
> archive without it?
This is a very relevant question, as it appears from the description
that the vulnerability *is* exploitable--for instance if WS_FTP 2007
handles ftp:// URLs (in whatever browser the user is using) and the
user clicks a link with a specially crafted, really long ftp:// URL
(or if the user is told to paste in a ftp:// link and follows the
instructions). That it is not remotely exploitable in some ways does
not necessarily prevent it from being exploitable by an automatic,
off-site mechanism (e.g. a link on a website) in other, more basic
ways requiring simple user interaction. So it could be remotely
exploitable after all.
On the other hand, most people don't tell their browsers to open up a
separate application to handle ftp:// links.
-Eliah
Powered by blists - more mailing lists