{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T09:36:33.042","vulnerabilities":[{"cve":{"id":"CVE-2011-4266","sourceIdentifier":"vultures@jpcert.or.jp","published":"2011-12-13T11:55:06.157","lastModified":"2025-04-11T00:51:21.963","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Untrusted search path vulnerability in FFFTP before 1.98d allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file, a different vulnerability than CVE-2011-3991."},{"lang":"es","value":"Una vulnerabilidad de ruta de búsqueda no confiable en FFFTP antes de v1.98d permite a usuarios locales conseguir privilegios a través de un archivo troyano ejecutable en un directorio al que se accede para leer un archivo sin extensión, como lo demuestra la ejecución del archivo README.EXE cuando un usuario intenta acceder a los archivos README. Se trata de una vulnerabilidad diferente a CVE-2011-3991."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10.0,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:*:c:*:*:*:*:*:*","versionEndIncluding":"1.98","matchCriteriaId":"AA24ED59-5993-4ECE-B229-A1EFE66E38A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.79a:*:*:*:*:*:*:*","matchCriteriaId":"6079BDCD-8456-4EC4-A26B-D47D2C6BA538"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.80:*:*:*:*:*:*:*","matchCriteriaId":"E21A59EC-4B60-4D1F-9133-1C1597928E7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.81:*:*:*:*:*:*:*","matchCriteriaId":"5818E00B-7695-4141-ADF9-211BA8827523"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.82:*:*:*:*:*:*:*","matchCriteriaId":"89C6775E-2630-4DC0-B1C3-AFAE3EDEC076"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.83:*:*:*:*:*:*:*","matchCriteriaId":"F01DC780-E509-4A5A-AD11-8FBA4D1EEA00"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.84:*:*:*:*:*:*:*","matchCriteriaId":"F1F1232E-4E50-4A09-A016-A831E7817FE4"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.85:*:*:*:*:*:*:*","matchCriteriaId":"6187A8B8-26D3-44F0-9C7F-420EF14258F2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.86:*:*:*:*:*:*:*","matchCriteriaId":"EE5AB09B-FC1A-4DB2-8154-3A00510CAC02"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.86a:*:*:*:*:*:*:*","matchCriteriaId":"66453CFD-9598-4D52-B354-957620F41E2A"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.87:*:*:*:*:*:*:*","matchCriteriaId":"7DF5207D-1873-493F-884D-C8275CA769FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.87a:*:*:*:*:*:*:*","matchCriteriaId":"B237E67E-A7D3-4F70-98DB-70D5276D7290"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.88:*:*:*:*:*:*:*","matchCriteriaId":"80C23BA7-07B7-4243-B2AC-70B9368F36C2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.88a:*:*:*:*:*:*:*","matchCriteriaId":"5B6DAA2D-A411-41F8-8375-518CC8055823"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.88b:*:*:*:*:*:*:*","matchCriteriaId":"85DF6151-83F8-4DCE-A7FC-D972016BB6A1"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.89:*:*:*:*:*:*:*","matchCriteriaId":"220F57C1-1FCF-474A-AF76-3503927E813C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.89a:*:*:*:*:*:*:*","matchCriteriaId":"A7EC8554-8AC6-48A4-80C4-604204A26726"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.89b:*:*:*:*:*:*:*","matchCriteriaId":"14534B40-97E2-4857-A6E1-01070D3E230C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.90:*:*:*:*:*:*:*","matchCriteriaId":"0B78E33E-0729-4927-B78A-0A89F2964EF8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.91:*:*:*:*:*:*:*","matchCriteriaId":"8402D8F5-79C7-4D17-9DE2-E80F94F9F790"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.92:*:*:*:*:*:*:*","matchCriteriaId":"54ECEDAB-833B-4481-9905-9513725FC302"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.92a:*:*:*:*:*:*:*","matchCriteriaId":"33C73FEA-0FB5-479C-9039-040EAAAAA6FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.92b:*:*:*:*:*:*:*","matchCriteriaId":"F858E6C3-7750-4AF3-93E7-3666236F17D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.92c:*:*:*:*:*:*:*","matchCriteriaId":"9BE4515E-5C99-46C5-A2C3-2C830236C1B8"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.93:*:*:*:*:*:*:*","matchCriteriaId":"7E421601-9519-4C61-ABE1-E9B20E2DCB6F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.94:*:*:*:*:*:*:*","matchCriteriaId":"304495C5-E758-4B24-9D8D-A0F843F950D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.94a:*:*:*:*:*:*:*","matchCriteriaId":"5A755088-E8D9-47F5-953A-C931372C218C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.95:*:*:*:*:*:*:*","matchCriteriaId":"11E6A50D-36DD-4F67-BB5B-AA8B50E08A2C"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.96:*:*:*:*:*:*:*","matchCriteriaId":"230A3300-1D94-42A1-B764-5AAC46F57EFF"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.96a:*:*:*:*:*:*:*","matchCriteriaId":"C35F98C7-B232-4E78-96D3-1DB6CB56B684"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.96b:*:*:*:*:*:*:*","matchCriteriaId":"53DE04E1-A41D-4A94-A623-C71CC686AD30"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.96c:*:*:*:*:*:*:*","matchCriteriaId":"E36AFA55-CA09-48CB-9C63-B044E0958721"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.96d:*:*:*:*:*:*:*","matchCriteriaId":"19F29921-D221-4E5E-8BB9-02204AFC22DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.97:*:*:*:*:*:*:*","matchCriteriaId":"9EA3E7B0-BB36-4344-A417-50B1CCEBD647"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.97a:*:*:*:*:*:*:*","matchCriteriaId":"6E9E2C57-A449-4552-AE19-063318CACC5F"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.97b:*:*:*:*:*:*:*","matchCriteriaId":"7230DBF0-E056-4A33-B4F3-204619B4EFCD"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.98:*:*:*:*:*:*:*","matchCriteriaId":"5CCE2380-5891-4294-87A2-4AACE8434EC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.98:a:*:*:*:*:*:*","matchCriteriaId":"0DEB0A8D-3A14-41E6-B873-C2E2C97F81FE"},{"vulnerable":true,"criteria":"cpe:2.3:a:ffftp:ffftp:1.98:b:*:*:*:*:*:*","matchCriteriaId":"0EC5E7F4-E490-4E37-BFDE-8DA183E75286"}]}]}],"references":[{"url":"http://jvn.jp/en/jp/JVN94002296/index.html","source":"vultures@jpcert.or.jp"},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104","source":"vultures@jpcert.or.jp"},{"url":"http://sourceforge.jp/projects/ffftp/wiki/Security","source":"vultures@jpcert.or.jp"},{"url":"http://jvn.jp/en/jp/JVN94002296/index.html","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://jvndb.jvn.jp/jvndb/JVNDB-2011-000104","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://sourceforge.jp/projects/ffftp/wiki/Security","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorComment":"Per: http://cwe.mitre.org/data/definitions/426.html\r\n\r\n'CWE-426: Untrusted Search Path'"}}]}