ID CVE-2006-3890
Summary Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. This vulnerability is addressed in the following product update: WinZip, WinZip, 10.0 build 7245
References
Vulnerable Configurations
  • cpe:2.3:a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:-:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:6.0a:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:8.1.4331:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:9.0:sr1:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:9.0.6028:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:winzip:winzip:_9.0_sr-1_\(6224\):*:*:*:*:*:*:*
CVSS
Base: 9.3 (as of 17-10-2018 - 21:32)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: COMPLETE
Integrity: COMPLETE
Availability: COMPLETE
cvss-vector via4 AV:N/AC:M/Au:N/C:C/I:C/A:C
refmap via4
bid
  • 21060
  • 21108
bugtraq 20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
cert-vn VU#225217
exploit-db 2785
secunia 22891
saint via4
bid 21060
description WinZip FileView ActiveX control unsafe method
id misc_compress_winzip
osvdb 30433
title winzip_fileview
type client
Last major update 17-10-2018 - 21:32
Published 21-11-2006 - 22:07
Last modified 17-10-2018 - 21:32