ID CVE-2006-5198
Summary The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
References
Vulnerable Configurations
  • WinZip 10.0
    cpe:2.3:a:winzip:winzip:10.0
CVSS
Base: 4.0 (as of 15-11-2006 - 10:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK HIGH NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
exploit-db via4
description WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow. CVE-2006-5198. Remote exploit for windows platform
id EDB-ID:16607
last seen 2016-02-02
modified 2010-04-30
published 2010-04-30
reporter metasploit
source https://www.exploit-db.com/download/16607/
title WinZip FileView WZFILEVIEW.FileViewCtrl.61 ActiveX Buffer Overflow
metasploit via4
description The FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) could allow a remote attacker to execute arbitrary code on the system. The control contains several unsafe methods and is marked safe for scripting and safe for initialization. A remote attacker could exploit this vulnerability to execute arbitrary code on the victim system. WinZip 10.0 <= Build 6667 are vulnerable.
id MSF:EXPLOIT/WINDOWS/BROWSER/WINZIP_FILEVIEW
last seen 2019-03-22
modified 2017-07-24
published 2009-03-15
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/winzip_fileview.rb
title WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
nessus via4
NASL family Windows
NASL id WINZIP_FILEVIEW_ACTIVEX_CODE_EXEC.NASL
description The remote host contains a version of the 'FileView' ActiveX control from Sky Software that is included in third-party products such as WinZip. The version of this ActiveX control on the remote host reportedly exposes several methods that either can be used to execute arbitrary code or are affected by buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into visiting a specially crafted web page, he can leverage these issues to execute arbitrary code on the host subject to the user's privileges.
last seen 2019-02-21
modified 2018-11-15
plugin id 23648
published 2006-11-15
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=23648
title WinZip FileView ActiveX Control Vulnerabilities
packetstorm via4
data source https://packetstormsecurity.com/files/download/83024/winzip_fileview.rb.txt
id PACKETSTORM:83024
last seen 2016-12-05
published 2009-11-26
reporter dean
source https://packetstormsecurity.com/files/83024/WinZip-FileView-WZFILEVIEW.FileViewCtrl.61-ActiveX-Buffer-Overflow.html
title WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
refmap via4
bid 21060
bugtraq 20061114 ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
cert-vn VU#512804
confirm http://www.winzip.com/wz7245.htm
misc
ms MS06-067
sectrack 1017226
secunia 22891
vupen ADV-2006-4509
saint via4
bid 21060
description WinZip FileView ActiveX control unsafe method
id misc_compress_winzip
osvdb 30433
title winzip_fileview
type client
Last major update 07-03-2011 - 21:42
Published 14-11-2006 - 16:07
Last modified 17-10-2018 - 17:41
Back to Top