WS_FTP Home / Professional Format String Vulnerability Date: Tuesday, August 19, 2008 @ 15:00:03 UTC Topic: Security SECUNIA ADVISORY ID: SA31504 VERIFY ADVISORY: http://secunia.com/advisories/31504/ CRITICAL: Moderately critical IMPACT: System access SOFTWARE: Ipswitch WS_FTP Professional 2007 - http://secunia.com/product/13838/ Ipswitch WS_FTP Home 2007 - http://secunia.com/product/19609/ DESCRIPTION: securfrog has discovered a vulnerability in WS_FTP Home and Professional, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a format string error when processing responses of the FTP server. This can be exploited by e.g. tricking a user into connecting to a malicious FTP server. Successful exploitation may allow the execution of arbitrary code. The vulnerability is confirmed in WS_FTP Home version 2007.0.0.2 and WS_FTP Professional version 2007.1.0.0. Other versions may also be affected. SOLUTION: Connect to trusted servers only. PROVIDED AND/OR DISCOVERED BY: securfrog ORIGINAL ADVISORY: http://milw0rm.com/exploits/6257 This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3420