Synopsis: WS_FTP Home 2007 NetscapeFTPHandler denial of service Product: WS_FTP Home 2007 Author: Michal Bucko (sapheal) Issue: ====== WS_FTP Home 2007 NetscapeFTPHandler is prone to a denial of service vulnerability. The vulnerability stems from null pointer dereference. ESI 00000000 75DC3E09 MOVZX EAX,WORD PTR [ESI] The vulnerability can be triggered by the execution of a function with improper arguments: int Initialize ( char *str1, char *str2) By the way, WS_FTP server cannot deal with WS_FTP's secure loader - I found a few other probable problems regarding WS_FTP but, still, couldn't verify those. Exception occurs and information appears on the screen. The problem lies, for the second time, in null pointer dereference. I am probalby going to give more information at hack.pl as soon I fully understand the issue with WS_FTP. rgds, michal
