|
 |
|
WinZip FileView ActiveX Control Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA22891
|
|
|
Release Date:
|
2006-11-15
|
|
Last Update:
|
2007-01-10
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | WinZip 10.x
|
| | CVE reference: | CVE-2006-3890 (Secunia mirror)
CVE-2006-5198 (Secunia mirror)
CVE-2006-6884 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system.
1) Several unspecified insecure methods exist in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61). This can be exploited to execute arbitrary code when a user e.g. visits a malicious website.
2) A boundary error in the FileView ActiveX control within the handling of the "filepattern" property can be exploited to cause a buffer overflow.
3) A boundary error in the FileView ActiveX control within the handling of parameters passed to the "CreateNewFolderFromName" method can be exploited to cause a stack-based buffer overflow via an overly long string (greater than 230 bytes) passed to the said method.
The vulnerabilities are reported in WinZip 10.0 versions prior to Build 7245.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Update to version 10.0 Build 7245.
Provided and/or discovered by:
1) Discovered by an anonymous person and reported via ZDI.
2) Independently discovered by:
* Michael Turner
* Dan Plakosh and Will Dormann, CERT/CC.
3) Vulnerable method identified by XiaoHui.
Changelog:
2006-11-16: Added links to US-CERT. Added information about additional vulnerability.
2007-01-02: Added information about "CreateNewFolderFromName" method.
2007-01-10: Added CVE reference.
Original Advisory:
WinZip:
http://www.winzip.com/wz7245.htm
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html
Other References:
US-CERT VU#225217:
http://www.kb.cert.org/vuls/id/225217
US-CERT VU#512804:
http://www.kb.cert.org/vuls/id/512804
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
