Vulnerability Name:

CVE-2006-5198 (CCN-30316)

Assigned:2006-11-14
Published:2006-11-14
Updated:2018-10-17
Summary:The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
CVSS v3 Severity:5.6 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availability (A): Low
CVSS v2 Severity:4.0 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.3 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): None
5.1 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
4.2 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2006-5198

Source: MISC
Type: UNKNOWN
http://isc.sans.org/diary.php?storyid=1861

Source: CCN
Type: SA22891
WinZip FileView ActiveX Control Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
22891

Source: CCN
Type: SECTRACK ID: 1017226
WinZip FileView ActiveX Control Lets Remote Users Execute Arbitrary Code

Source: SECTRACK
Type: UNKNOWN
1017226

Source: CCN
Type: US-CERT VU#512804
Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods

Source: CERT-VN
Type: US Government Resource
VU#512804

Source: CCN
Type: OSVDB ID: 30432
WinZip FileView ActiveX filepattern Property Overflow

Source: CCN
Type: OSVDB ID: 30433
WinZip WZFILEVIEW.FileViewCtrl.61 Unspecified Remote Code Execution

Source: CCN
Type: OSVDB ID: 33357
WinZip WZFILEVIEW.FileViewCtrl.61 ActiveX CreateNewFolderFromName Method Overflow

Source: BUGTRAQ
Type: UNKNOWN
20061114 ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

Source: BID
Type: UNKNOWN
21060

Source: CCN
Type: BID-21060
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities

Source: CCN
Type: Sky Software Web site
FileView Control

Source: VUPEN
Type: UNKNOWN
ADV-2006-4509

Source: CCN
Type: WinZip Web site
WinZip 10.0 Build 7245

Source: CONFIRM
Type: UNKNOWN
http://www.winzip.com/wz7245.htm

Source: MISC
Type: Vendor Advisory
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html

Source: MS
Type: UNKNOWN
MS06-067

Source: XF
Type: UNKNOWN
fileview-winzip-activex-code-execution(30316)

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [11-02-2007]
WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX Buffer Overflow

Source: CCN
Type: ZDI-06-040
WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:winzip:winzip:10.0:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*
  • OR cpe:/a:winzip:winzip:10.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable