SECUNIA ADVISORY ID: SA26820
VERIFY ADVISORY: http://secunia.com/advisories/26820/
CRITICAL: Highly critical
IMPACT: Manipulation of data, System access
WHERE: >From remote
SOFTWARE: WinSCP 4.x - http://secunia.com/product/14323/
DESCRIPTION: Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user's system and potentially to compromise a vulnerable system.
This is similar to: SA20575
The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected.
SOLUTION: Update to version 4.0.4. - http://winscp.net/eng/download.php
PROVIDED AND/OR DISCOVERED BY: Kender.Security
ORIGINAL ADVISORY: http://winscp.net/eng/docs/history#4.0.4
OTHER REFERENCES: SA20575: http://secunia.com/advisories/20575/
WinSCP Protocol Handler Command Line Switch InjectionPosted on Friday, September 14, 2007 @ 13:02:00 UTC in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
