CVE-2011-4266
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
13/12/2011
Last modified:
11/04/2025
Description
Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.
Impact
Base Score 2.0
9.30
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:* | 1.98 (including) | |
| cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:* | ||
| cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page