WinSCP Protocol Handler Command Line Switch Injection Date: Friday, September 14, 2007 @ 13:02:00 UTC Topic: Security SECUNIA ADVISORY ID: SA26820 VERIFY ADVISORY: http://secunia.com/advisories/26820/ CRITICAL: Highly critical IMPACT: Manipulation of data, System access WHERE: >From remote SOFTWARE: WinSCP 4.x - http://secunia.com/product/14323/ DESCRIPTION: Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user's system and potentially to compromise a vulnerable system. This is similar to: SA20575 The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected. SOLUTION: Update to version 4.0.4. - http://winscp.net/eng/download.php PROVIDED AND/OR DISCOVERED BY: Kender.Security ORIGINAL ADVISORY: http://winscp.net/eng/docs/history#4.0.4 OTHER REFERENCES: SA20575: http://secunia.com/advisories/20575/ This article comes from Ravens PHP Scripts https://www.ravenphpscripts.com The URL for this story is: https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=3068