VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 13, 2011· Updated Apr 29, 2026

CVE-2011-4266

CVE-2011-4266

Description

Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991.

Affected products

39
  • Ffftp/Ffftp39 versions
    cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*+ 38 more
    • cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*range: <=1.98
    • cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*
    • cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

3

News mentions

0

No linked articles in our index yet.