← Back

CVE-2006-3890

nvd nist
Published: Nov 21, 2006Modified: Apr 23, 2026

JSON object

Loading...
9.3
Vector
AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploitability: 8.6 / Impact: 10.0
Source: NVD

Description

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.

Affected (7)

Sky Software
1 product
Fileview Activex Control
Winzip
1 product
Winzip
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Fileview Activex Control
All versions
Winzip
Winzip
Up to 10.0
Winzip
Version 7.0
Winzip
Version 8.0
Winzip
Version 8.1
Winzip
Version 8.1 sr1
Winzip
Version 9.0

References (14)

Source: cret@cert.org
ExploitPatchVendor Advisory
Source: cret@cert.org
PatchUS Government Resource
Source: cret@cert.org
Source: cret@cert.org
ExploitPatch
Source: cret@cert.org
Source: cret@cert.org
Source: cret@cert.org
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchUS Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.