CVE-2006-5198

WinZip 10.0 - Remote Code Execution via WZFILEVIEW.FileViewCtrl.61 ActiveX Control

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2006-5198. PoCs published by Metasploit, including Metasploit module exploits/windows/browser/winzip_fileview.

AI-analyzed exploit summary: This is a Metasploit module exploiting a buffer overflow in the WinZip FileView ActiveX control (CVE-2006-5198). It crafts a malicious HTML page that triggers the vulnerability via the 'CreateNewFolderFromName' method, leading to arbitrary code execution.

Description

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

Exploits (2)

exploitdb · WORKING POC · VERIFIED
by Metasploit · ruby · remote · windows
https://www.exploit-db.com/exploits/16607

This is a Metasploit module exploiting a buffer overflow in the WinZip FileView ActiveX control (CVE-2006-5198). It crafts a malicious HTML page that triggers the vulnerability via the 'CreateNewFolderFromName' method, leading to arbitrary code execution.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WinZip 10.0 <= Build 6667
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer · WinZip FileView ActiveX control must be installed and marked safe for scripting
devstral-2 · analyzed Feb 16, 2026

metasploit · WORKING POC · NORMAL
ruby · poc · win
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/winzip_fileview.rb

This Metasploit module exploits a buffer overflow in the WinZip FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61) via the CreateNewFolderFromName method, allowing remote code execution on vulnerable systems. The exploit uses a crafted HTML page with JavaScript to trigger the vulnerability and execute arbitrary shellcode.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WinZip 10.0 <= Build 6667
No auth needed
Prerequisites: Victim must visit a malicious webpage or open a malicious HTML file · WinZip FileView ActiveX control must be installed and enabled
devstral-2 · analyzed Feb 19, 2026

References (10)

Core References
Various Sources x_refsource_confirm
http://www.winzip.com/wz7245.htm
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22891
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/21060
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/512804
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1017226
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/451589/100/0/threaded
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4509
Various Sources x_refsource_misc
http://isc.sans.org/diary.php?storyid=1861

Scores

EPSS 0.5994
EPSS Percentile 99.0%

Details

Status published
Products (1)
winzip/winzip 10.0
Published Nov 14, 2006
Tracked Since Feb 18, 2026