CVE-2006-6884

EXPLOITED

WinZip 10.0 Build 6667 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2006-6884 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 3 public exploits from researchers including XiaoHui, prdelka.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in WinZip's FileView ActiveX Control (CVE-2006-6884) via heap spraying and a crafted string passed to CreateNewFolderFromName. It achieves remote code execution by overwriting memory with shellcode.

Description

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.

Exploits (3)

exploitdb WORKING POC VERIFIED
by XiaoHui · htmlremotewindows
https://www.exploit-db.com/exploits/3055

This exploit targets a buffer overflow vulnerability in WinZip's FileView ActiveX Control (CVE-2006-6884) via heap spraying and a crafted string passed to CreateNewFolderFromName. It achieves remote code execution by overwriting memory with shellcode.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: WinZip 10.0 (6667) with FileView ActiveX Control
No auth needed
Prerequisites: ActiveX Control enabled (registry key not disabled) · Victim visits malicious HTML page
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by prdelka · cremotewindows
https://www.exploit-db.com/exploits/2785

This exploit targets a stack-based buffer overflow in the WinZip FileView ActiveX control (CVE-2006-6884). It generates a malicious HTML page and embeds shellcode within a BMP image to achieve remote code execution when a user visits the page.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Unreliable
Target: WinZip <= 10.0.7245
No auth needed
Prerequisites: Victim must visit a malicious webpage · WinZip with vulnerable FileView ActiveX control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by prdelka · htmldoswindows
https://www.exploit-db.com/exploits/2783

This exploit targets a stack-based buffer overflow in the WinZip FileView ActiveX control via an unsafe method exposure. The PoC uses a long string to trigger the overflow when the 'OnAfterItemAdd' event is fired.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: WinZip FileView ActiveX Control (CLSID:A09AE68F-B14D-43ED-B713-BA413F034904)
No auth needed
Prerequisites: Victim must have the vulnerable WinZip FileView ActiveX control installed · Victim must visit a malicious webpage or open a malicious HTML file
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455612/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/455608/100/0/threaded

Scores

EPSS 0.1157
EPSS Percentile 93.8%

Details

VulnCheck KEV 2009-03-20
CWE
CWE-119
Status published
Products (1)
winzip/winzip 10.0_build_6667
Published Dec 31, 2006
Tracked Since Feb 18, 2026