Details of VAR-200701-0038

ID

VAR-200701-0038

CVE

CVE-2007-0330

TITLE

Ipswitch WS_FTP 2007 Professional of wsftpurl.exe Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2007-003232

DESCRIPTION

Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL in an HTML document, and possibly other vectors. Ipswitch WS_FTP 2007 Professional is prone to a local memory-corruption vulnerability. This issue occurs when the 'wsbho2k0.dll' library fails to handle specially crafted arguments. Due to the nature of this issue, an attacker may be able to execute arbitrary machine code in the context of the affected kernel, but this has not been confirmed. Failed exploit attempts result in kernel panics, denying service to legitimate users. Ipswitch WS_FTP 2007 Professional is vulnerable to this issue; other versions may also be affected. A buffer overflow vulnerability exists in Ipswitch WS_FTP 2007 Professional's wsbho2k0.dll when used by wsftpurl.exe

Trust: 1.98

sources: NVD: CVE-2007-0330 // JVNDB: JVNDB-2007-003232 // BID: 22062 // VULHUB: VHN-23692

AFFECTED PRODUCTS

vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	2007	Trust: 1.6
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	2007 professional	Trust: 0.8
vendor:	ipswitch	model:	ws ftp server professional	scope:	eq	version:	2007	Trust: 0.3

sources: BID: 22062 // JVNDB: JVNDB-2007-003232 // CNNVD: CNNVD-200701-280 // NVD: CVE-2007-0330

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0330
value:	HIGH
Trust: 1.0
NVD:	CVE-2007-0330
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200701-280
value:	HIGH
Trust: 0.6
VULHUB:	VHN-23692
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2007-0330
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-23692
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-23692 // JVNDB: JVNDB-2007-003232 // CNNVD: CNNVD-200701-280 // NVD: CVE-2007-0330

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0330

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200701-280

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200701-280

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003232

PATCH

title:

WS_FTP

url:

http://www.ipswitchft.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003232

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0330	Trust: 2.5
db:	BID	id:	22062	Trust: 2.0
db:	OSVDB	id:	33476	Trust: 1.7
db:	SREASON	id:	2160	Trust: 1.7
db:	JVNDB	id:	JVNDB-2007-003232	Trust: 0.8
db:	CNNVD	id:	CNNVD-200701-280	Trust: 0.7
db:	BUGTRAQ	id:	20070116 RE: IPSWITCH WS_FTP 2007 PROFESSIONAL "WSFTPURL" ACCESS VIOLATION VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20070114 RE: IPSWITCH WS_FTP 2007 PROFESSIONAL "WSFTPURL" ACCESS VIOLATION VULNERABILITY	Trust: 0.6
db:	BUGTRAQ	id:	20070112 IPSWITCH WS_FTP 2007 PROFESSIONAL "WSFTPURL" ACCESS VIOLATION VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-23692	Trust: 0.1

sources: VULHUB: VHN-23692 // BID: 22062 // JVNDB: JVNDB-2007-003232 // CNNVD: CNNVD-200701-280 // NVD: CVE-2007-0330

REFERENCES

url:	http://www.securityfocus.com/bid/22062	Trust: 1.7
url:	http://osvdb.org/33476	Trust: 1.7
url:	http://securityreason.com/securityalert/2160	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/456755/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/456901/100/0/threaded	Trust: 1.1
url:	http://www.securityfocus.com/archive/1/457097/100/0/threaded	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0330	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0330	Trust: 0.8
url:	http://www.securityfocus.com/archive/1/archive/1/457097/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/456901/100/0/threaded	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/456755/100/0/threaded	Trust: 0.6
url:	http://www.ipswitch.com/products/ws_ftp/home/index.asp	Trust: 0.3
url:	/archive/1/456755	Trust: 0.3
url:	/archive/1/456901	Trust: 0.3

sources: VULHUB: VHN-23692 // BID: 22062 // JVNDB: JVNDB-2007-003232 // CNNVD: CNNVD-200701-280 // NVD: CVE-2007-0330

CREDITS

Michal Bucko is credited with the discovery of this vulnerability.

Trust: 0.9

sources: BID: 22062 // CNNVD: CNNVD-200701-280

SOURCES

db:	VULHUB	id:	VHN-23692
db:	BID	id:	22062
db:	JVNDB	id:	JVNDB-2007-003232
db:	CNNVD	id:	CNNVD-200701-280
db:	NVD	id:	CVE-2007-0330

LAST UPDATE DATE

2025-04-10T23:01:24.186000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-23692	date:	2018-10-16T00:00:00
db:	BID	id:	22062	date:	2007-01-16T18:00:00
db:	JVNDB	id:	JVNDB-2007-003232	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200701-280	date:	2007-02-05T00:00:00
db:	NVD	id:	CVE-2007-0330	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-23692	date:	2007-01-18T00:00:00
db:	BID	id:	22062	date:	2007-01-15T00:00:00
db:	JVNDB	id:	JVNDB-2007-003232	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200701-280	date:	2007-01-17T00:00:00
db:	NVD	id:	CVE-2007-0330	date:	2007-01-18T02:28:00