CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3442
https://notcve.org/view.php?id=CVE-2008-3442
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. WinZip anterior a 11.0 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, que se manifiesta en el grado de daño y el envenenamiento de la caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020581 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 21%CPEs: 1EXPL: 3CVE-2006-6884 – WinZip 10.0.7245 - FileView ActiveX Control Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6884
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer en el control WZFILEVIEW.FileViewCtrl.61 ActiveX (también conocido como controlador Sky Software "FileView" ActiveX ) para WinZip 10.0 Build 6667 permite a un atacante remoto ejecutar código de su elección a través de un argumento en el método CreateNewFolderFromName, una vulnerabilidad diferentes que la CVE-2006-5198. • https://www.exploit-db.com/exploits/2783 https://www.exploit-db.com/exploits/2785 https://www.exploit-db.com/exploits/3055 http://www.securityfocus.com/archive/1/455608/100/0/threaded http://www.securityfocus.com/archive/1/455612/100/0/threaded • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 63%CPEs: 7EXPL: 4CVE-2006-3890 – WinZip 10.0.7245 - FileView ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3890
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer basado en la pila en el control ActiveX Sky Software FileView, como el usado en WinZip 10 anterior a build 7245 y en otras ciertas aplicaciones, permite a atacantes remotos ejecutar código de su elección mediante un atributo FilePattern largo en un objeto WZFILEVIEW, una vulnerabilidad diferente que CVE-2006-5198. • https://www.exploit-db.com/exploits/3420 http://secunia.com/advisories/22891 http://www.kb.cert.org/vuls/id/225217 http://www.securityfocus.com/archive/1/451566/100/0/threaded http://www.securityfocus.com/bid/21060 http://www.securityfocus.com/bid/21108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://www.exploit-db.com/exploits/2785 •
CVSS: 4.0EPSS: 96%CPEs: 1EXPL: 1CVE-2006-5198 – WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2006-5198
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." El control ActiveX WZFILEVIEW.FileViewCtrl.61 (también conocido como control ActiveX Sky Software "FileView") para WinZip 10.0 anterior al build 7245 permite a atacantes remotos ejecutar código de su elección mediante "métodos no seguros" no especificados. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ActiveX control WZFILEVIEW.FileViewCtrl.61, CLSID: A09AE68F-B14D-43ED-B713-BA413F034904 A re-branded version of the "FileView" ActiveX control developed by Sky Software. The object is marked "Safe for Scripting" and exposes several unsafe methods which can be leveraged to result in arbitrary code execution with no further interaction. • https://www.exploit-db.com/exploits/16607 http://isc.sans.org/diary.php?storyid=1861 http://secunia.com/advisories/22891 http://securitytracker.com/id?1017226 http://www.kb.cert.org/vuls/id/512804 http://www.securityfocus.com/archive/1/451589/100/0/threaded http://www.securityfocus.com/bid/21060 http://www.vupen.com/english/advisories/2006/4509 http://www.winzip.com/wz7245.htm http://www.zerodayinitiative.com/advisories/ZDI-06-040.html https://docs.microsoft.com •