vuln.sg

vuln.sg Vulnerability Research Advisory

AceFTP FTP-Client Directory Traversal Vulnerability

by Tan Chew Keong
Release Date: 2008-06-27


Summary

A vulnerability has been found within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.


Tested Versions


Details

This advisory discloses a vulnerability within the FTP client in AceFTP. When exploited, this vulnerability allows an anonymous attacker to write files to arbitrary locations on a Windows user's system.

The FTP client does not properly sanitise filenames containing directory traversal sequences (forward-slash) that are received from an FTP server in response to the LIST command.

An example of such a response from a malicious FTP server is shown below.


Response to LIST (forward-slash):

-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 /../../../../../../../../../testfile.txt\r\n
 

By tricking a user into downloading a directory from a malicious FTP server that contains files with forward-slash directory traversal sequences in their filenames, it is possible for the attacker to write files to arbitrary locations on a user's system with the privileges of that user. An attacker can potentially leverage this issue to write files into a user's Windows Startup folder and execute arbitrary code when the user logs on.
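The check the client is missing can be sketched as follows. This is an added example, not code from the original advisory or from AceFTP: it contrasts an unsanitised path join with a hardened one, and goes slightly beyond the forward-slash case by also refusing backslashes and colons. The function names and the download root are hypothetical.

```python
import ntpath  # Windows path rules on any host, since the affected client runs on Windows

class UnsafeListingName(ValueError):
    """A server-supplied name that must not be used to build a local path."""

def listing_filename(list_line):
    """Return the name field (9th column onward) of a Unix-style LIST line."""
    fields = list_line.rstrip("\r\n").split(None, 8)
    if len(fields) < 9:
        raise ValueError("unrecognised LIST line")
    return fields[8]

def naive_local_path(download_root, server_name):
    """What an unsanitised client effectively does: trust the name as-is."""
    return ntpath.normpath(ntpath.join(download_root, server_name))

def safe_local_path(download_root, server_name):
    """Build the local path only if the name is a single, plain path component."""
    # An entry in a directory listing names one item in that directory, so
    # separators, drive/stream colons, NUL and the dot entries are all refused.
    if (not server_name or server_name in (".", "..")
            or any(ch in server_name for ch in "/\\:\0")):
        raise UnsafeListingName(server_name)
    root = ntpath.normpath(download_root)
    candidate = ntpath.normpath(ntpath.join(root, server_name))
    # Defence in depth: the resolved path must still sit under the root.
    if candidate == root or ntpath.commonpath([root, candidate]) != root:
        raise UnsafeListingName(server_name)
    return candidate

# Constructed sample values: the download root is hypothetical; the first
# LIST line is the one quoted in the advisory, the second is a benign entry.
ROOT = r"C:\Users\alice\Downloads\site"
MALICIOUS = ("-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 "
             "/../../../../../../../../../testfile.txt\r\n")
BENIGN = "-rw-r--r--    1 ftp      ftp            20 Mar 01 05:37 readme.txt\r\n"

if __name__ == "__main__":
    for line in (BENIGN, MALICIOUS):
        name = listing_filename(line)
        print("name :", name)
        print("naive:", naive_local_path(ROOT, name))
        try:
            print("safe :", safe_local_path(ROOT, name))
        except UnsafeListingName:
            print("safe : rejected")
```

With the advisory's LIST line, the naive join resolves outside the download root, while the hardened function rejects the name before any file is opened.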


POC / Test Code

Please download the POC here and follow the instructions below.



Patch / Workaround

Avoid downloading files/directories from untrusted FTP servers.


Disclosure Timeline

2008-06-15 - Vulnerability Discovered.
2008-06-16 - Vulnerability Details Sent to Vendor via online support form (no reply).
2008-06-18 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-25 - Vulnerability Details Sent to Vendor again via online support form (no reply).
2008-06-27 - Public Release.


Contact
For further enquiries, comments, suggestions or bug reports, simply email them to