PT-2006-4740 · Sky · Fileview Activex+1

Prdelka

Published

2006-11-21

Updated

2018-10-17

CVE-2006-3890

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WinZip versions prior to 10 build 7245

Description A stack-based buffer overflow issue exists in the Sky Software FileView ActiveX control, used in certain applications including WinZip. This issue allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object.

Recommendations For WinZip versions prior to 10 build 7245, update to build 7245 or later to resolve the issue. As a temporary workaround, consider restricting access to the WZFILEVIEW object to minimize the risk of exploitation. Avoid using long FilePattern attributes in the WZFILEVIEW object until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3890

Affected Products

Fileview Activex

Winzip

PT-2006-4740 · Sky · Fileview Activex+1

CVE-2006-3890

Related Identifiers

Affected Products

References · 9