CVE-2011-4266

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
ffftpffftp
𝑥
≤ 1.98
ffftpffftp
1.79a:a
ffftpffftp
1.80
ffftpffftp
1.81
ffftpffftp
1.82
ffftpffftp
1.83
ffftpffftp
1.84
ffftpffftp
1.85
ffftpffftp
1.86
ffftpffftp
1.86a:a
ffftpffftp
1.87
ffftpffftp
1.87a:a
ffftpffftp
1.88
ffftpffftp
1.88a:a
ffftpffftp
1.88b:b
ffftpffftp
1.89
ffftpffftp
1.89a:a
ffftpffftp
1.89b:b
ffftpffftp
1.90
ffftpffftp
1.91
ffftpffftp
1.92
ffftpffftp
1.92a:a
ffftpffftp
1.92b:b
ffftpffftp
1.92c:c
ffftpffftp
1.93
ffftpffftp
1.94
ffftpffftp
1.94a:a
ffftpffftp
1.95
ffftpffftp
1.96
ffftpffftp
1.96a:a
ffftpffftp
1.96b:b
ffftpffftp
1.96c:c
ffftpffftp
1.96d:d
ffftpffftp
1.97
ffftpffftp
1.97a:a
ffftpffftp
1.97b:b
ffftpffftp
1.98
ffftpffftp
1.98:a
ffftpffftp
1.98:b
𝑥
= Vulnerable software versions
References
http://jvn.jp/en/jp/JVN94002296/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104
http://sourceforge.jp/projects/ffftp/wiki/Security
http://jvn.jp/en/jp/JVN94002296/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104
http://sourceforge.jp/projects/ffftp/wiki/Security