Via Secunia:
Description:
Kender.Security has discovered a vulnerability in WinSCP, which can be exploited by malicious people to manipulate certain files on a user’s system and potentially to compromise a vulnerable system.
…
The vulnerability is confirmed in version 4.0.3. Prior versions may also be affected.
Solution:
Update to version 4.0.4.
http://winscp.net/eng/download.php

By default WinSCP installs URL protocol handlers for the scp:// and sftp:// protocols. These could be used by malicious web content to automatically upload any file from the local system to a remote server, or automatically download files from a remote server to the local system. [3]
Update your copy of WinSCP to v4.0.4.
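To see whether a workstation has the scp:// and sftp:// handlers registered and which program version they launch, the following audit script can be run. It is an added example, not code from WinSCP or from the advisories; the function name Get-UrlProtocolHandler is hypothetical, and it assumes the standard Windows layout for URL protocol handlers (a "URL Protocol" value on the scheme key and a shell\open\command subkey).

```powershell
# Added example: audit scp:// and sftp:// URL protocol handler registrations.
# Assumption: handlers use the standard Windows layout
#   <hive>\Software\Classes\<scheme>  ("URL Protocol" value) -> shell\open\command
function Get-UrlProtocolHandler {
    param([string[]]$Scheme = @('scp', 'sftp'))

    foreach ($s in $Scheme) {
        # Query machine-wide and per-user hives separately; HKCR is a merged
        # view and hides which hive actually supplies the handler.
        foreach ($root in 'HKLM:\Software\Classes', 'HKCU:\Software\Classes') {
            $key = Join-Path $root $s
            if (-not (Test-Path -LiteralPath $key)) { continue }

            $isUrl  = (Get-Item -LiteralPath $key).GetValueNames() -contains 'URL Protocol'
            $cmdKey = Join-Path $key 'shell\open\command'
            $command = $null
            if (Test-Path -LiteralPath $cmdKey) {
                # GetValue('') reads the key's default value
                $command = (Get-Item -LiteralPath $cmdKey).GetValue('')
            }

            # Extract the executable path (quoted or first token) to read its version
            $exe = $null; $version = $null
            if ($command -match '^\s*"([^"]+)"|^\s*(\S+)') {
                $exe = if ($Matches[1]) { $Matches[1] } else { $Matches[2] }
                if (Test-Path -LiteralPath $exe) {
                    $version = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
                }
            }

            [pscustomobject]@{
                Scheme        = $s
                Hive          = $root
                IsUrlProtocol = $isUrl
                Command       = $command
                PassesUrl     = [bool]($command -match '%1|%L')  # URL text reaches the command line
                Executable    = $exe
                FileVersion   = $version   # compare against the fixed release, 4.0.4
            }
        }
    }
}

Get-UrlProtocolHandler | Format-List
```

No output means neither scheme is registered in either hive. A row with IsUrlProtocol and PassesUrl both true whose FileVersion is below 4.0.4 is a host that still needs the update.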
[1] WinSCP Protocol Handler Command Line Switch Injection (2006-Sep-14) [Secunia]
[2] Recent Version History | 4.0.4 [WinSCP.net]
[3] WinSCP URL Protocol Handler Flaw (2006-Sep-16) [SecuriTeam]









