Synopsis: WS_FTP 2007 Professional SCP handling format string vulnerability Product: WS_FTP 2007 Professional Vendor: Ipswitch
"[..]Transfer files anywhere, anytime, with complete security.
* Lightning fast transfer speeds * Industry leading security * Time saving features include schedule, backup, and email
II. Problem Description Remote code execution is possible.
III. Details SCP handling module is vulnerable to format string vulnerability. Opening a specially crafted SCP file with WS_FTP 2007 script handler might lead to arbitrary code execution. The specially crafted file uses the WS_FTP script command "SHELL" and executes the file with the specially crafted name. The file is access using "file://".
Michal Bucko (sapheal)