Summary
The host is running FFFTP and is prone to an untrusted search path vulnerability.
Impact
Successful exploitation could allow attackers to execute an arbitrary program in the context of the user running the affected application.
Impact Level: Application
Solution
Upgrade to FFFTP version 1.98d or later.
For updates refer to http://sourceforge.jp/projects/ffftp/releases/
Insight
The flaw is due to the application loading executables (readme.exe) in an insecure manner. This can be exploited to run an arbitrary program by tricking a user into opening a file located on a remote WebDAV or SMB share.
Affected
FFFTP version 1.98c and prior.
References
Severity
Classification
- CVE: CVE-2011-4266
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Captivate Insecure Library Loading Vulnerability
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)
- Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
- Adobe Acrobat Out-of-bounds Vulnerability Feb15 (Windows)