Ipswitch WS_FTP 2007 Professional 'WSFTPURL.EXE' Denial of Service Vulnerability

Vulnerability ID: 1192078    Vulnerability type: Buffer overflow
Published: 2007-01-17    Updated: 2007-02-05
CVE ID: CVE-2007-0330    CNNVD-ID: CNNVD-200701-280
Platform: N/A    CVSS score: 7.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007010075
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-280
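|Vulnerability details
A buffer overflow exists in wsbho2k0.dll in Ipswitch WS_FTP 2007 Professional when it is used by wsftpurl.exe. A remote attacker can use an overly long ftp:// URL and other parameters in an HTML document to cause a denial of service (application crash) and possibly execute arbitrary code.
|Exploit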
> So it could be remotely
> exploitable after all.
>
> On the other hand, most people don't tell their browsers to open up a
> separate application to handle ftp:// links.

I agree. It could be exploited in the aforementioned way (but: WS_FTP is not
registered to handle the FTP protocol by default). Now I am thinking of
something else. Could we use a specially crafted FHF file to exploit the 
vulnerability? I haven't checked that yet.

Michal Bucko (sapheal)
|References

Source: BID
Name: 22062
Link: http://www.securityfocus.com/bid/22062
Source: BUGTRAQ
Name: 20070116 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/457097/100/0/threaded
Source: BUGTRAQ
Name: 20070114 Re: Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/456901/100/0/threaded
Source: BUGTRAQ
Name: 20070112 Ipswitch WS_FTP 2007 Professional "wsftpurl" access violation vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded
Source: OSVDB
Name: 33476
Link: http://osvdb.org/33476
Source: SREASON
Name: 2160
Link: http://securityreason.com/securityalert/2160