CVE-2006-5198

WinZip <10.0.7245 - RCE

Title source: llm

Description

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16607

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/winzip_fileview.rb

View Code ZIP pw:eip

References (10)

[US Government Resource] http://www.kb.cert.org/vuls/id/512804

[Vendor Advisory] http://www.zerodayinitiative.com/advisories/ZDI-06-040.html

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067

[Various Sources] http://isc.sans.org/diary.php?storyid=1861

[Various Sources] http://www.winzip.com/wz7245.htm

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/451589/100/0/threaded

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/21060

[Third Party Advisory, VDB Entry] http://securitytracker.com/id?1017226

[Third Party Advisory] http://secunia.com/advisories/22891

[Third Party Advisory] http://www.vupen.com/english/advisories/2006/4509

Scores

EPSS 0.7344

EPSS Percentile 98.8%

Details

Status published

Products (1)

winzip/winzip 10.0

Published Nov 14, 2006

Tracked Since Feb 18, 2026