Published: 31/12/2006 Updated: 17/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 945

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote malicious users to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.

Vulnerable Product	Search on Vulmon	Subscribe to Product
winzip winzip 10.0_build_6667

<HTML> <HEAD> <TITLE></TITLE> </HEAD> <BODY> <SCRIPT LANGUAGE="VBScript"> <!-- Sub WZFILEVIEW_OnAfterItemAdd(Item) WZFILEVIEWFilePattern = "STACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBASEDOVERFLOWSTACKBAS ...

/* WinZip <= 1007245 FileView ActiveX buffer overflow exploit * ============================================================ * A vulnerability has been identified within Winzip that allows remote * attackers to execute arbitrary code User interaction is required to * exploit this vulnerability in that the target must visit a malicious ...

<html> <head> <object classid="clsid:{A09AE68F-B14D-43ED-B713-BA413F034904}" id="winzip"> </object> </head> <body> <SCRIPT language="javascript"> /* ---===[ winzip-exploithtml XiaoHui : 76693223[at]163com HomePage: wwwnipcorgcn (c) 2006 All rights reserved note:Because of the prior vuln in FileView ...

CWE-119 http://www.securityfocus.com/archive/1/455612/100/0/threaded http://www.securityfocus.com/archive/1/455608/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/2783/

CVE-2006-6884

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect