Notified: May 25, 2006 Updated: May 31, 2006
Affected
We are fully aware of this issue, but have no plans to update our software at this time. In our opinion this vulnerability note does not affect wodSFTP's security or strength - it only explains that wodSFTP can be used by malicious software. Trying to remove 'safe for scripting' flag would affect wodSFTP's functionality and it wouldn't be usable in certain environments at all.
The vendor has not provided us with any further information regarding this vulnerability.
We believe the wodSFTP control be be vulnerable because it does not follow Microsoft's "Designing Secure ActiveX Controls" guidelines. If you do not need to use the wodSFTP control in a web page, we recommend setting the kill bit for the control, as specified in VU#378604.