Vulnerability Note VU#912588
WinSCP URI handlers fails to properly parse command line switches
A vulnerability has been found in WinSCP, which can be exploited by an attacker to overwrite or add files to the victim's computer.
WinSCP is an open source SFTP client for Microsoft windows. It supports a file-manager user interface, and uses the SSH protocol to transfer files between hosts. If an attacker convinces a user to follow a specially crafted URL, a file may be directly transferred to the user's computer. The attacker may also be able to append information to files.
Depending on what the user interface settings of WinSCP are, user-interaction may or may not be required to complete the file transfer. This vulnerability is a result of certain command line switches being passed to WinSCP in the malicious URL.
If a victim user clicks on the specially-crafted URL, an attacker could send any chosen file to the victim's computer with access to folders that the user running WinSCP has write access to. The attacker could also append information to a file that may damage the file or make it unusable.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|WinSCP||Affected||15 Jun 2006||22 Jun 2006|
CVSS Metrics (Learn More)
This document was written by Ryan Giobbi.
- CVE IDs: CVE-2006-3015
- Date Public: 11 Jun 2006
- Date First Published: 22 Jun 2006
- Date Last Updated: 07 Jul 2006
- Severity Metric: 0.79
- Document Revision: 15
If you have feedback, comments, or additional information about this vulnerability, please send us email.