CVE-2006-3890

Sky Software FileView ActiveX Control - Stack-Based Buffer Overflow via FilePattern Attribute

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-3890. PoCs published by prdelka.

Description

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.

Exploits (2)

exploitdb WORKING POC VERIFIED
by prdelka · html · remote · windows
https://www.exploit-db.com/exploits/3420

This exploit leverages a heap spray technique to trigger a buffer overflow in WinZip's WZFILEVIEW ActiveX control (CVE-2006-3890), executing a bindshell on port 28876. The shellcode is embedded in the HTML and sprayed across memory to achieve reliable execution.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WinZip WZFILEVIEW ActiveX control
No auth needed
Prerequisites: Victim must visit the malicious HTML page · WinZip with vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

exploitdb WORKING POC VERIFIED
by prdelka · c · remote · windows
https://www.exploit-db.com/exploits/2785

This exploit targets a stack-based buffer overflow in the WinZip FileView ActiveX control (CVE-2006-6884). It generates a malicious HTML page and embeds shellcode within a BMP image to achieve remote code execution when a user visits the page.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Unreliable
Target: WinZip <= 10.0.7245
No auth needed
Prerequisites: Victim must visit a malicious webpage · WinZip with vulnerable FileView ActiveX control installed
devstral-2 · analyzed Feb 16, 2026

References (7)

Core References
Patch, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/225217
Exploit, Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22891
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21060
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451566/100/0/threaded
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/2785
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21108

Scores

EPSS 0.1286
EPSS Percentile 95.8%

Details

Status published
Products (6)
sky_software/fileview_activex_control
winzip/winzip 7.0
winzip/winzip 8.0
winzip/winzip 8.1 (2 CPE variants)
winzip/winzip 9.0
winzip/winzip < 10.0
Published Nov 21, 2006
Tracked Since Feb 18, 2026