CVE-2006-3890 – WinZip 10.0.7245 - FileView ActiveX Buffer Overflow

https://notcve.org/view.php?id=CVE-2006-3890

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer basado en la pila en el control ActiveX Sky Software FileView, como el usado en WinZip 10 anterior a build 7245 y en otras ciertas aplicaciones, permite a atacantes remotos ejecutar código de su elección mediante un atributo FilePattern largo en un objeto WZFILEVIEW, una vulnerabilidad diferente que CVE-2006-5198. • https://www.exploit-db.com/exploits/3420 http://secunia.com/advisories/22891 http://www.kb.cert.org/vuls/id/225217 http://www.securityfocus.com/archive/1/451566/100/0/threaded http://www.securityfocus.com/bid/21060 http://www.securityfocus.com/bid/21108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://www.exploit-db.com/exploits/2785 •