FFFTP Untrusted Search Path Vulnerability (Windows) Network Vulnerability

Summary

The host is running FFFTP and is prone to untrusted search path vulnerability.

Impact

Successful exploitation could allow attackers to execute an arbitrary program in the context of the user running the affected application. Impact Level: Application

Solution

Upgrade to the FFFTP version 1.98b or later, For updates refer to http://sourceforge.jp/projects/ffftp/releases/

Insight

The flaw is due to an error in application, loading executables (e.g. notepad.exe) in an insecure manner.

Affected

FFFTP version 1.98a and prior on windows

References

http://jvn.jp/en/jp/JVN62336482/index.html
http://jvndb.jvn.jp/ja/contents/2011/JVNDB-2011-000091.html
http://secunia.com/advisories/46649
http://xforce.iss.net/xforce/xfdb/71020

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3991

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Acrobat Multiple Unspecified Vulnerabilities -01 May13 (Windows)
Adobe Acrobat Multiple Vulnerabilities - 01 May14 (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities - Windows
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
Adobe Acrobat Multiple Vulnerabilities-01 Sep14 (Windows)

Take action and discover your vulnerabilities