|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
From: 3APA3A (3APA3A
SECURITY.NNOV.RU)
Date: Sun Jan 14 2007 - 16:03:02 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Dear saphealhack.pl,
shp> conditions. However, as the issue involves the control that is not
shp> marked safe for scripting nor for initialization, it cannot be
shp> exploited remotely. Moreover, as for know I have not proved it is
shp> exploitable.
shp> Unhandled exception at 0x7c840a81 in wsftpurl.exe:
shp> 0xC0000005: Access violation reading location 0x41414141.
shp> In order to analyze the vulnerability one might execute
shp> wsftpurl.exe with a long argument.
Pretending this vulnerability IS exploitable, what is security impact
from it? What can you achieve by exploiting this vulnerability you cant
archive without it?
--
~/ZARAZA
http://www.security.nnov.ru/
Reasoning depends upon programming, not on hardware and we are the
ultimate program! (Frank Herbert).
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]