Re: Ipswitch WS_FTP 2007 Professional wsftpurl access violation vulnerability
On 1/14/07, 3APA3A wrote: Pretending this vulnerability IS exploitable, what is security impact from it? What can you achieve by exploiting this vulnerability you cant archive without it? This is a very relevant question, as it appears from the description that the vulnerability *is* exploitable--for instance if WS_FTP 2007 handles ftp:// URLs (in whatever browser the user is using) and the user clicks a link with a specially crafted, really long ftp:// URL (or if the user is told to paste in a ftp:// link and follows the instructions). That it is not remotely exploitable in some ways does not necessarily prevent it from being exploitable by an automatic, off-site mechanism (e.g. a link on a website) in other, more basic ways requiring simple user interaction. So it could be remotely exploitable after all. On the other hand, most people don't tell their browsers to open up a separate application to handle ftp:// links. -Eliah
Re: Ipswitch WS_FTP 2007 Professional wsftpurl access violation vulnerability
So it could be remotely exploitable after all. On the other hand, most people don't tell their browsers to open up a separate application to handle ftp:// links. I agree. It could be exploited in the aforementioned way(but: WS_FTP is not registered to handle FTP protocol by default). Now I am thinking of something else. Could we use a specially crafted FHF file to exploit the vulnerability? I haven't checked that yet. Michal Bucko (sapheal)
Re: Ipswitch WS_FTP 2007 Professional wsftpurl access violation vulnerability
Dear [EMAIL PROTECTED], shp conditions. However, as the issue involves the control that is not shp marked safe for scripting nor for initialization, it cannot be shp exploited remotely. Moreover, as for know I have not proved it is shp exploitable. shp Unhandled exception at 0x7c840a81 in wsftpurl.exe: shp 0xC005: Access violation reading location 0x41414141. shp In order to analyze the vulnerability one might execute shp wsftpurl.exe with a long argument. Pretending this vulnerability IS exploitable, what is security impact from it? What can you achieve by exploiting this vulnerability you cant archive without it? -- ~/ZARAZA http://www.security.nnov.ru/ Reasoning depends upon programming, not on hardware and we are the ultimate program! (Frank Herbert).