EmFTP may insecurely load executable files


EmFTP contains a flaw when loading files, where an unitended executable file may be loaded when attempting to open a file without an extension. For example, if a text file named "exmaple" (without an extension) and an executable "example.exe" are in the same directory, attemtping to open the file "example" will result in the execution of "example.exe".
CVSS Severity (What is CVSS?)

Base Metrics: 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Emurasoft, Inc.
  • EmFTP Professional
  • EmFTP Standard


An attacker may execute arbitrary code with the privilege of the vulnerable application.

[Apply a workaround]
EmFTP development has ended. The developer recommends the following workaround.

When opening local files, do not use EmFTP. Use Run command or Windows Explorer.
Vendor Information

Emurasoft, Inc.
CWE (What is CWE?)

  1. No Mapping(CWE-Other) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2014-3910

  1. JVN : JVN#50367052
  2. National Vulnerability Database (NVD) : CVE-2014-3910
Revision History

  Web page was published
   References : Content was added