Details of VAR-200702-0070

ID

VAR-200702-0070

CVE

CVE-2007-0665

TITLE

Ipswitch WS_FTP 2007 Professional of SCP Module format string vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2007-003312

DESCRIPTION

Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 Professional might allow remote attackers to execute arbitrary commands via format string specifiers in the filename, related to the SHELL WS_FTP script command. WS_FTP is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. A successful attack may allow the attacker to crash the application or possibly to execute arbitrary code. This may facilitate unauthorized access or privilege escalation in the context of the user running the application. WS_FTP is a standard FTP client tool under the Winsock protocol. A remote attacker may exploit this vulnerability to control the user's machine by tricking the user into opening a malicious file

Trust: 2.07

sources: NVD: CVE-2007-0665 // JVNDB: JVNDB-2007-003312 // BID: 22275 // VULHUB: VHN-24027 // VULMON: CVE-2007-0665

AFFECTED PRODUCTS

vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	2007	Trust: 1.6
vendor:	ipswitch	model:	ws ftp pro	scope:	eq	version:	2007 professional	Trust: 0.8
vendor:	ipswitch	model:	ws ftp server professional	scope:	eq	version:	2007	Trust: 0.3

sources: BID: 22275 // JVNDB: JVNDB-2007-003312 // CNNVD: CNNVD-200702-035 // NVD: CVE-2007-0665

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2007-0665
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2007-0665
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200702-035
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-24027
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2007-0665
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2007-0665
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-24027
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-24027 // VULMON: CVE-2007-0665 // JVNDB: JVNDB-2007-003312 // CNNVD: CNNVD-200702-035 // NVD: CVE-2007-0665

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2007-0665

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200702-035

TYPE

format string

Trust: 0.6

sources: CNNVD: CNNVD-200702-035

CONFIGURATIONS

sources: JVNDB: JVNDB-2007-003312

PATCH

title:

Top page

url:

http://www.ipswitch.com/

Trust: 0.8

sources: JVNDB: JVNDB-2007-003312

EXTERNAL IDS

db:	NVD	id:	CVE-2007-0665	Trust: 2.9
db:	BID	id:	22275	Trust: 2.1
db:	OSVDB	id:	33602	Trust: 1.8
db:	JVNDB	id:	JVNDB-2007-003312	Trust: 0.8
db:	CNNVD	id:	CNNVD-200702-035	Trust: 0.7
db:	BUGTRAQ	id:	20070126 WS_FTP 2007 PROFESSIONAL SCP HANDLING FORMAT STRING VULNERABILITY	Trust: 0.6
db:	XF	id:	31865	Trust: 0.6
db:	VULHUB	id:	VHN-24027	Trust: 0.1
db:	VULMON	id:	CVE-2007-0665	Trust: 0.1

sources: VULHUB: VHN-24027 // VULMON: CVE-2007-0665 // BID: 22275 // JVNDB: JVNDB-2007-003312 // CNNVD: CNNVD-200702-035 // NVD: CVE-2007-0665

REFERENCES

url:	http://www.securityfocus.com/bid/22275	Trust: 1.8
url:	http://osvdb.org/33602	Trust: 1.8
url:	http://www.securityfocus.com/archive/1/458293/100/0/threaded	Trust: 1.2
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/31865	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0665	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0665	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/31865	Trust: 0.6
url:	http://www.securityfocus.com/archive/1/archive/1/458293/100/0/threaded	Trust: 0.6
url:	http://www.ipswitch.com/products/ws_ftp/home/index.asp	Trust: 0.3
url:	/archive/1/458293	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-24027 // VULMON: CVE-2007-0665 // BID: 22275 // JVNDB: JVNDB-2007-003312 // CNNVD: CNNVD-200702-035 // NVD: CVE-2007-0665

CREDITS

Michal Bucko※ michal.bucko@hack.pl

Trust: 0.6

sources: CNNVD: CNNVD-200702-035

SOURCES

db:	VULHUB	id:	VHN-24027
db:	VULMON	id:	CVE-2007-0665
db:	BID	id:	22275
db:	JVNDB	id:	JVNDB-2007-003312
db:	CNNVD	id:	CNNVD-200702-035
db:	NVD	id:	CVE-2007-0665

LAST UPDATE DATE

2025-04-10T23:24:26.244000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-24027	date:	2018-10-16T00:00:00
db:	VULMON	id:	CVE-2007-0665	date:	2018-10-16T00:00:00
db:	BID	id:	22275	date:	2015-05-12T19:35:00
db:	JVNDB	id:	JVNDB-2007-003312	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200702-035	date:	2007-02-05T00:00:00
db:	NVD	id:	CVE-2007-0665	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-24027	date:	2007-02-02T00:00:00
db:	VULMON	id:	CVE-2007-0665	date:	2007-02-02T00:00:00
db:	BID	id:	22275	date:	2007-01-27T00:00:00
db:	JVNDB	id:	JVNDB-2007-003312	date:	2012-09-25T00:00:00
db:	CNNVD	id:	CNNVD-200702-035	date:	2007-01-27T00:00:00
db:	NVD	id:	CVE-2007-0665	date:	2007-02-02T21:28:00