CVE-2006-3890: Buffer Overflow
First published: Tue Nov 21 2006(Updated: )
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
Credit: cret@cert.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Corel WinZip | =7.0 | |
| Sky Software FileView ActiveX control | ||
| Corel WinZip | =8.1-sr1 | |
| Corel WinZip | =9.0 | |
| Corel WinZip | <=10.0 | |
| Corel WinZip | =8.1 | |
| Corel WinZip | =8.0 | |
| <=10.0 | ||
| =7.0 | ||
| =8.0 | ||
| =8.1 | ||
| =8.1-sr1 | ||
| =9.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kb.cert.org/vuls/id/225217
- http://www.securityfocus.com/bid/21060
- http://secunia.com/advisories/22891
- http://www.securityfocus.com/bid/21108
- https://www.exploit-db.com/exploits/2785
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067
- http://www.securityfocus.com/archive/1/451566/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2006-3890?
CVE-2006-3890 is classified as a high severity vulnerability due to the potential for remote code execution.
How do I fix CVE-2006-3890?
To address CVE-2006-3890, you should update to a patched version of WinZip that is newer than version 10.0.
Which applications are affected by CVE-2006-3890?
CVE-2006-3890 affects WinZip versions 7.0 to 10.0 and the Sky Software FileView ActiveX control.
What type of vulnerability is CVE-2006-3890?
CVE-2006-3890 is a stack-based buffer overflow vulnerability that can be exploited to execute arbitrary code.
Can CVE-2006-3890 be exploited remotely?
Yes, CVE-2006-3890 can be exploited remotely by attackers through specially crafted inputs to the affected applications.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/winzip
- canonical/corel winzip
- version/corel winzip/7.0
- vendor/sky software
- canonical/sky software fileview activex control
- version/corel winzip/8.1-sr1
- version/corel winzip/9.0
- version/corel winzip/10.0
- version/corel winzip/8.1
- version/corel winzip/8.0