CVE-2011-4266

{"id": "CVE-2011-4266", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2011-12-13T11:55:06.157", "references": [{"url": "http://jvn.jp/en/jp/JVN94002296/index.html", "source": "vultures@jpcert.or.jp"}, {"url": "http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104", "source": "vultures@jpcert.or.jp"}, {"url": "http://sourceforge.jp/projects/ffftp/wiki/Security", "source": "vultures@jpcert.or.jp"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991."}, {"lang": "es", "value": "Una vulnerabilidad de ruta de b\u00fasqueda no confiable en FFFTP antes de v1.98d permite a usuarios locales conseguir privilegios a trav\u00e9s de un archivo troyano ejecutable en un directorio al que se accede para leer un archivo sin extensi\u00f3n, como lo demuestra la ejecuci\u00f3n del archivo README.EXE cuando un usuario intenta acceder a los archivos README. Se trata de una vulnerabilidad diferente a CVE-2011-3991."}], "lastModified": "2012-02-21T05:00:00.000", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA24ED59-5993-4ECE-B229-A1EFE66E38A5", "versionEndIncluding": "1.98"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6079BDCD-8456-4EC4-A26B-D47D2C6BA538"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E21A59EC-4B60-4D1F-9133-1C1597928E7B"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5818E00B-7695-4141-ADF9-211BA8827523"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89C6775E-2630-4DC0-B1C3-AFAE3EDEC076"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F01DC780-E509-4A5A-AD11-8FBA4D1EEA00"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F1F1232E-4E50-4A09-A016-A831E7817FE4"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6187A8B8-26D3-44F0-9C7F-420EF14258F2"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE5AB09B-FC1A-4DB2-8154-3A00510CAC02"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "66453CFD-9598-4D52-B354-957620F41E2A"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DF5207D-1873-493F-884D-C8275CA769FE"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B237E67E-A7D3-4F70-98DB-70D5276D7290"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80C23BA7-07B7-4243-B2AC-70B9368F36C2"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B6DAA2D-A411-41F8-8375-518CC8055823"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85DF6151-83F8-4DCE-A7FC-D972016BB6A1"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "220F57C1-1FCF-474A-AF76-3503927E813C"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A7EC8554-8AC6-48A4-80C4-604204A26726"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14534B40-97E2-4857-A6E1-01070D3E230C"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B78E33E-0729-4927-B78A-0A89F2964EF8"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8402D8F5-79C7-4D17-9DE2-E80F94F9F790"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54ECEDAB-833B-4481-9905-9513725FC302"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33C73FEA-0FB5-479C-9039-040EAAAAA6FE"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F858E6C3-7750-4AF3-93E7-3666236F17D7"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BE4515E-5C99-46C5-A2C3-2C830236C1B8"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E421601-9519-4C61-ABE1-E9B20E2DCB6F"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "304495C5-E758-4B24-9D8D-A0F843F950D7"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A755088-E8D9-47F5-953A-C931372C218C"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11E6A50D-36DD-4F67-BB5B-AA8B50E08A2C"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "230A3300-1D94-42A1-B764-5AAC46F57EFF"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C35F98C7-B232-4E78-96D3-1DB6CB56B684"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53DE04E1-A41D-4A94-A623-C71CC686AD30"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E36AFA55-CA09-48CB-9C63-B044E0958721"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "19F29921-D221-4E5E-8BB9-02204AFC22DB"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EA3E7B0-BB36-4344-A417-50B1CCEBD647"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E9E2C57-A449-4552-AE19-063318CACC5F"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7230DBF0-E056-4A33-B4F3-204619B4EFCD"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5CCE2380-5891-4294-87A2-4AACE8434EC2"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DEB0A8D-3A14-41E6-B873-C2E2C97F81FE"}, {"criteria": "cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0EC5E7F4-E490-4E37-BFDE-8DA183E75286"}], "operator": "OR"}]}], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'", "sourceIdentifier": "vultures@jpcert.or.jp"}