WeOnlyDo! Software Information for VU#378604
WeOnlyDo! SFTP ActiveX control fails to properly restrict access to methods
- Vendor Information Help Date Notified: 25 May 2006
- Statement Date:
- Date Updated: 31 May 2006
We are fully aware of this issue, but have no plans to update our software at this time. In our opinion this vulnerability note does not affect wodSFTP's security or strength - it only explains that wodSFTP can be used by malicious software.
Trying to remove 'safe for scripting' flag would affect wodSFTP's functionality and it wouldn't be usable in certain environments at all.
The vendor has not provided us with any further information regarding this vulnerability.
We believe the wodSFTP control be be vulnerable because it does not follow Microsoft's "Designing Secure ActiveX Controls" guidelines. If you do not need to use the wodSFTP control in a web page, we recommend setting the kill bit for the control, as specified in VU#378604.
If you have feedback, comments, or additional information about this vulnerability, please send us email.