Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Ffftp | Ffftp | * | 1.98 (including) |
| Ffftp | Ffftp | 1.79a (including) | 1.79a (including) |
| Ffftp | Ffftp | 1.80 (including) | 1.80 (including) |
| Ffftp | Ffftp | 1.81 (including) | 1.81 (including) |
| Ffftp | Ffftp | 1.82 (including) | 1.82 (including) |
| Ffftp | Ffftp | 1.83 (including) | 1.83 (including) |
| Ffftp | Ffftp | 1.84 (including) | 1.84 (including) |
| Ffftp | Ffftp | 1.85 (including) | 1.85 (including) |
| Ffftp | Ffftp | 1.86 (including) | 1.86 (including) |
| Ffftp | Ffftp | 1.86a (including) | 1.86a (including) |
| Ffftp | Ffftp | 1.87 (including) | 1.87 (including) |
| Ffftp | Ffftp | 1.87a (including) | 1.87a (including) |
| Ffftp | Ffftp | 1.88 (including) | 1.88 (including) |
| Ffftp | Ffftp | 1.88a (including) | 1.88a (including) |
| Ffftp | Ffftp | 1.88b (including) | 1.88b (including) |
| Ffftp | Ffftp | 1.89 (including) | 1.89 (including) |
| Ffftp | Ffftp | 1.89a (including) | 1.89a (including) |
| Ffftp | Ffftp | 1.89b (including) | 1.89b (including) |
| Ffftp | Ffftp | 1.90 (including) | 1.90 (including) |
| Ffftp | Ffftp | 1.91 (including) | 1.91 (including) |
| Ffftp | Ffftp | 1.92 (including) | 1.92 (including) |
| Ffftp | Ffftp | 1.92a (including) | 1.92a (including) |
| Ffftp | Ffftp | 1.92b (including) | 1.92b (including) |
| Ffftp | Ffftp | 1.92c (including) | 1.92c (including) |
| Ffftp | Ffftp | 1.93 (including) | 1.93 (including) |
| Ffftp | Ffftp | 1.94 (including) | 1.94 (including) |
| Ffftp | Ffftp | 1.94a (including) | 1.94a (including) |
| Ffftp | Ffftp | 1.95 (including) | 1.95 (including) |
| Ffftp | Ffftp | 1.96 (including) | 1.96 (including) |
| Ffftp | Ffftp | 1.96a (including) | 1.96a (including) |
| Ffftp | Ffftp | 1.96b (including) | 1.96b (including) |
| Ffftp | Ffftp | 1.96c (including) | 1.96c (including) |
| Ffftp | Ffftp | 1.96d (including) | 1.96d (including) |
| Ffftp | Ffftp | 1.97 (including) | 1.97 (including) |
| Ffftp | Ffftp | 1.97a (including) | 1.97a (including) |
| Ffftp | Ffftp | 1.97b (including) | 1.97b (including) |
| Ffftp | Ffftp | 1.98 (including) | 1.98 (including) |
| Ffftp | Ffftp | 1.98-a (including) | 1.98-a (including) |
| Ffftp | Ffftp | 1.98-b (including) | 1.98-b (including) |