Vulnerabilities > CVE-2011-4266 - Insecure Executable File Loading Arbitrary Code Execution vulnerability in FFFTP

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

ffftp

critical

NVD

Published: 2011-12-13

Updated: 2012-02-21

Summary

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Ffftp Ffftp Ffftp 1.79A Ffftp Ffftp 1.80 Ffftp Ffftp 1.81 Ffftp Ffftp 1.82 Ffftp Ffftp 1.83 Ffftp Ffftp 1.84 Ffftp Ffftp 1.85 Ffftp Ffftp 1.86 Ffftp Ffftp 1.86A Ffftp Ffftp 1.87 Ffftp Ffftp 1.87A Ffftp Ffftp 1.88 Ffftp Ffftp 1.88A Ffftp Ffftp 1.88B Ffftp Ffftp 1.89 Ffftp Ffftp 1.89A Ffftp Ffftp 1.89B Ffftp Ffftp 1.90 Ffftp Ffftp 1.91 Ffftp Ffftp 1.92 Ffftp Ffftp 1.92A Ffftp Ffftp 1.92B Ffftp Ffftp 1.92C Ffftp Ffftp 1.93 Ffftp Ffftp 1.94 Ffftp Ffftp 1.94A Ffftp Ffftp 1.95 Ffftp Ffftp 1.96 Ffftp Ffftp 1.96A Ffftp Ffftp 1.96B Ffftp Ffftp 1.96C Ffftp Ffftp 1.96D Ffftp Ffftp 1.97 Ffftp Ffftp 1.97A Ffftp Ffftp 1.97B Ffftp Ffftp 1.98	39

Summary

Vulnerable Configurations

References