WS_FTP Home / Professional Format String Vulnerability

Posted on Tuesday, August 19, 2008 @ 15:00:03 CDT in Security
by Raven

SECUNIA ADVISORY ID: SA31504

VERIFY ADVISORY: http://secunia.com/advisories/31504/

CRITICAL: Moderately critical

IMPACT: System access

SOFTWARE:
Ipswitch WS_FTP Professional 2007 - http://secunia.com/product/13838/
Ipswitch WS_FTP Home 2007 - http://secunia.com/product/19609/

DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused by a format string error when processing responses of the FTP server. This can be exploited, for example, by tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected.

SOLUTION: Connect to trusted servers only.

PROVIDED AND/OR DISCOVERED BY: securfrog

ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257
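
The bug class named in the DESCRIPTION, shown as an added example that is not WS_FTP code and not part of the advisory: a client that uses a server reply as the format string, next to the corrected call and a check that flags replies containing conversion specifiers. All function names and sample replies are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper names; nothing here is taken from WS_FTP. */

/* VULNERABLE pattern: the server-controlled reply is the format string,
 * so every '%' conversion in it is interpreted by snprintf(). */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
int log_reply_unsafe(char *out, size_t n, const char *reply)
{
    return snprintf(out, n, reply);
}
#pragma GCC diagnostic pop

/* HARDENED pattern: constant format, reply passed only as data. */
int log_reply_safe(char *out, size_t n, const char *reply)
{
    return snprintf(out, n, "%s", reply);
}

/* Count conversion specifications in a reply. "%%" is a literal percent
 * and is not counted. A non-zero result in an FTP reply is worth logging. */
size_t count_conversions(const char *reply)
{
    size_t hits = 0;
    for (const char *p = reply; *p; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        if (p[1] != '\0')
            hits++;
    }
    return hits;
}

int main(void)
{
    /* Constructed sample replies, not captured traffic. */
    const char *benign = "226 Transfer 100%% complete";
    const char *odd    = "220 %x.%x.%x";
    char a[64], b[64];

    log_reply_unsafe(a, sizeof a, benign);  /* "%%" is rewritten to "%" */
    log_reply_safe(b, sizeof b, benign);    /* reply kept byte for byte */
    printf("unsafe: %s\nsafe:   %s\n", a, b);
    log_reply_safe(b, sizeof b, odd);       /* never give this to the unsafe form */
    printf("safe:   %s (conversions: %zu)\n", b, count_conversions(odd));
    return 0;
}
```

The unsafe call is only exercised with `%%`, which is well defined; the differing output shows that the reply is being parsed as a format rather than copied.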
 
 