US-CERT Vulnerability Notes Database

WeOnlyDo! Software Information for VU#378604

Date Notified: 2006-05-25
Date Updated:
Statement Date:
Status Summary: Vulnerable

Vendor Statement

We are fully aware of this issue, but have no plans to update our software at this time. In our opinion this vulnerability note does not affect wodSFTP's security or strength - it only explains that wodSFTP can be used by malicious software.

Trying to remove 'safe for scripting' flag would affect wodSFTP's functionality and it wouldn't be usable in certain environments at all.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

We believe the wodSFTP control to be vulnerable because it does not follow Microsoft's "Designing Secure ActiveX Controls" guidelines. If you do not need to use the wodSFTP control in a web page, we recommend setting the kill bit for the control, as specified in VU#378604.

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

Produced 2009 by US-CERT, a government organization