Vulnerability Details : CVE-2006-3890
Potential exploit
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
Vulnerability category: Overflow, Execute code
Products affected by CVE-2006-3890
- cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
- cpe:2.3:a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2006-3890
- EPSS score: 48.69% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2006-3890
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C | 8.6 | 10.0 | NIST | |
References for CVE-2006-3890
- http://www.securityfocus.com/archive/1/451566/100/0/threaded
- http://www.kb.cert.org/vuls/id/225217
  Patch;US Government Resource
- https://www.exploit-db.com/exploits/2785
- http://www.securityfocus.com/bid/21060
  WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
  Exploit;Patch
- http://secunia.com/advisories/22891
  Exploit;Patch;Vendor Advisory
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067
- http://www.securityfocus.com/bid/21108