CVE-2006-3890

Name of the Vulnerable Software and Affected Versions WinZip versions prior to 10 build 7245

Description A stack-based buffer overflow issue exists in the Sky Software FileView ActiveX control, used in certain applications including WinZip. This issue allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object.

Recommendations For WinZip versions prior to 10 build 7245, update to build 7245 or later to resolve the issue. As a temporary workaround, consider restricting access to the WZFILEVIEW object to minimize the risk of exploitation. Avoid using long FilePattern attributes in the WZFILEVIEW object until the issue is resolved.