Detections
Analytics

WinSCP URL Protocol Handler Arbitrary File Transfer

high Nessus Plugin ID 26027

Synopsis

The remote Windows host has a program that allows arbitrary file access.

Description

According to its version, the installation of WinSCP on the remote host fails to completely sanitize input to the SCP and SFTP protocol handlers. If an attacker can trick a user on the affected host into clicking on a malicious link, a file transfer can be initiated to or from the affected host.

Solution

Upgrade to WinSCP version 4.0.4 or later.

See Also

https://www.securityfocus.com/archive/1/479298/30/0/threaded

https://winscp.net/eng/docs/history#4.0.4

Plugin Details

Severity: High

ID: 26027

File Name: winscp_uri_handler_file_access2.nasl

Version: 1.15

Type: local

Agent: windows

Family: Windows

Published: 9/14/2007

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 7.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:winscp:winscp

Required KB Items: installed_sw/WinSCP

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/3/2007

Reference Information

CVE: CVE-2007-4909

BID: 25655

CWE: 264