FFFTP CVE-2011-4266 Insecure Executable File Loading Arbitrary Code Execution Vulnerability
BID:51063
Info
| Bugtraq ID: | 51063 |
| Class: | Design Error |
| CVE: | CVE-2011-4266 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 14 2011 12:00AM |
| Updated: | Dec 14 2011 12:00AM |
| Credit: | Fumihiko Sano |
| Vulnerable: | FFFTP FFFTP 1.98c; FFFTP FFFTP 1.98b; FFFTP FFFTP 1.98a |
| Not Vulnerable: | FFFTP FFFTP 1.98d |
Discussion
FFFTP is prone to a vulnerability that lets attackers execute arbitrary code.
A successful exploit can allow the attacker to execute an arbitrary program in the context of the user running the affected application.
FFFTP versions prior to 1.98d are vulnerable.
Exploit / POC
Attackers must entice an unsuspecting user into opening a file on a remote WebDAV or SMB share to exploit this issue.
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- FFFTP Homepage (FFFTP)
- JVN#94002296 FFFTP may insecurely load executable files (JPCERT/CC and IPA)
- JVNDB-2011-000104 FFFTP may insecurely load executable files (IPA)