Lucene search
AnonymousZDI-06-040HistoryNov 14, 2006 - 12:00 a.m.
WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
2006-11-1400:00:00
Anonymous
www.zerodayinitiative.com
21
0.963 High
EPSS
Percentile
99.5%
This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ActiveX control WZFILEVIEW.FileViewCtrl.61, CLSID: A09AE68F-B14D-43ED-B713-BA413F034904 A re-branded version of the “FileView” ActiveX control developed by Sky Software. The object is marked “Safe for Scripting” and exposes several unsafe methods which can be leveraged to result in arbitrary code execution with no further interaction.
References
Related
nvd
nvd
cert
cert
packetstorm
packetstorm
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow
2009-11-26 00:00:00
cve
cve
saint
saint
WinZip FileView ActiveX control unsafe method
2006-11-27 00:00:00
WinZip FileView ActiveX control unsafe method
2006-11-27 00:00:00
WinZip FileView ActiveX control unsafe method
2006-11-27 00:00:00
cvelist
cvelist
securityvulns
securityvulns
checkpoint_advisories
checkpoint_advisories
nessus
nessus
WinZip FileView ActiveX Control Vulnerabilities
2006-11-15 00:00:00