Vulnerability Details : CVE-2011-4266
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
Products affected by CVE-2011-4266
- cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*
- cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-4266
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 36 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-4266
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
References for CVE-2011-4266
-
http://jvn.jp/en/jp/JVN94002296/index.html
JVN#94002296: FFFTP may insecurely load executable files
-
http://sourceforge.jp/projects/ffftp/wiki/Security
FFFTPに関するセキュリティ/脆弱性関連情報 - FFFTP Wiki - FFFTP - OSDN
-
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104
JVNDB-2011-000104 - JVN iPedia - 脆弱性対策情報データベース
Jump to