On 1/14/07, 3APA3A wrote:
Pretending this vulnerability IS exploitable, what is security impact from it? What can you achieve by exploiting this vulnerability you cant archive without it?
This is a very relevant question, as it appears from the description that the vulnerability *is* exploitable--for instance if WS_FTP 2007 handles ftp:// URLs (in whatever browser the user is using) and the user clicks a link with a specially crafted, really long ftp:// URL (or if the user is told to paste in a ftp:// link and follows the instructions). That it is not remotely exploitable in some ways does not necessarily prevent it from being exploitable by an automatic, off-site mechanism (e.g. a link on a website) in other, more basic ways requiring simple user interaction. So it could be remotely exploitable after all. On the other hand, most people don't tell their browsers to open up a separate application to handle ftp:// links. -Eliah
