CVE-2006-3890

SKY Software Fileview Activex Control < 10.0 - Buffer Overflow

Title source: rule

Description

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.

Exploits (2)

exploitdb WORKING POC VERIFIED

by prdelka · htmlremotewindows

https://www.exploit-db.com/exploits/3420

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by prdelka · cremotewindows

https://www.exploit-db.com/exploits/2785

View Code ZIP pw:eip

References (7)

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067

[Patch, US Government Resource] http://www.kb.cert.org/vuls/id/225217

[Exploit, Patch, Vendor Advisory] http://secunia.com/advisories/22891

[Exploit, Patch] http://www.securityfocus.com/bid/21060

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451566/100/0/threaded

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/2785

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21108

Scores

EPSS 0.4955

EPSS Percentile 97.8%

Details

Status published

Products (6)

sky_software/fileview_activex_control

winzip/winzip 7.0

winzip/winzip 8.0

winzip/winzip 8.1 (2 CPE variants)

winzip/winzip 9.0

winzip/winzip < 10.0

Published Nov 21, 2006

Tracked Since Feb 18, 2026