Intrusion Prevention



This indicates an attack attempt against a format string vulnerability in the Ipswitch WS_FTP client FTP product. The vulnerability is caused by an input validation when the vulnerable software processes a message from a remote FTP server. It allows a remote attacker to execute arbitrary code.

Affected Products

Ipswitch WS_FTP Pro 8.0 3
Ipswitch WS_FTP Pro 8.0 2
Ipswitch WS_FTP Pro 7.5
Ipswitch WS_FTP Pro 6.0
Ipswitch WS_FTP Pro 5
Ipswitch WS_FTP Pro 0
Ipswitch WS_FTP Home 0


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site:
WS_FTP Professional 2007.1 Hotfix 1 (full English version only):
WS_FTP Home 2007 Hotfix 1 for version 2007.0.0.2 (full English version only):

CVE References