CVE-2006-3890
WinZip 10.0.7245 - FileView ActiveX Buffer Overflow
Metric | Value | Source |
---|---|---|
Severity Score | 9.3 | CVSS v2 |
Exploit Likelihood | | EPSS |
Affected Versions | | CPE |
Public Exploits | 4 | Multiple Sources |
Exploited in Wild | - | KEV |
Decision | - | SSVC |
Descriptions
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
*Credits:
N/A
Timeline
- 2006-07-26 CVE Reserved
- 2006-11-21 CVE Published
- 2007-03-06 First Exploit
- 2024-08-07 CVE Updated
- 2024-10-11 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
References (8)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/archive/1/451566/100/0/threaded | Mailing List | |
http://www.securityfocus.com/bid/21108 | Vdb Entry |
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/3420 | 2007-03-06 | |
http://secunia.com/advisories/22891 | 2024-08-07 | |
http://www.securityfocus.com/bid/21060 | 2024-08-07 | |
https://www.exploit-db.com/exploits/2785 | 2024-08-07 |
URL | Date | SRC |
---|---|---|
http://www.kb.cert.org/vuls/id/225217 | 2018-10-17 |
URL | Date | SRC |
---|---|---|
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 | 2018-10-17 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sky Software | Fileview Activex Control | * | - | Affected |
Winzip | Winzip | <= 10.0 | - | Affected |
Winzip | Winzip | 7.0 | - | Affected |
Winzip | Winzip | 8.0 | - | Affected |
Winzip | Winzip | 8.1 | - | Affected |
Winzip | Winzip | 8.1 | sr1 | Affected |
Winzip | Winzip | 9.0 | - | Affected |