{"api_version":"1","generated_at":"2026-04-24T09:44:44+00:00","cve":"CVE-2006-3890","urls":{"html":"https://cve.report/CVE-2006-3890","api":"https://cve.report/api/cve/CVE-2006-3890.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2006-3890","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2006-3890"},"summary":{"title":"CVE-2006-3890","description":"Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.","state":"PUBLISHED","assigner":"certcc","published_at":"2006-11-21 22:07:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["NVD-CWE-Other","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"9.3","severity":"","vector":"AV:N/AC:M/Au:N/C:C/I:C/A:C","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"}}],"references":[{"url":"http://www.securityfocus.com/bid/21060","name":"http://www.securityfocus.com/bid/21060","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch"],"title":"WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://secunia.com/advisories/22891","name":"http://secunia.com/advisories/22891","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Patch","Vendor Advisory"],"title":"WinZip FileView ActiveX Control Multiple Vulnerabilities - Advisories - Secunia","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/451566/100/0/threaded","name":"http://www.securityfocus.com/archive/1/451566/100/0/threaded","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"SecurityFocus","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.kb.cert.org/vuls/id/225217","name":"http://www.kb.cert.org/vuls/id/225217","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","US Government Resource"],"title":"VU#225217 - Sky Software FileView ActiveX control buffer overflow vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.exploit-db.com/exploits/2785","name":"https://www.exploit-db.com/exploits/2785","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WinZip 10.0.7245 - FileView ActiveX Remote Buffer Overflow - Windows remote Exploit","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067","name":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Microsoft Security Bulletin MS06-067 - Critical | Microsoft Docs","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/21108","name":"http://www.securityfocus.com/bid/21108","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Sky Software FileView ActiveX Control Remote Code Execution Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2006-3890","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2006-3890","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sky_software","cpe5":"fileview_activex_control","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"8.1","cpe7":"sr1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"9.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2006","cve_id":"3890","vulnerable":"1","versionEndIncluding":"10.0","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-07T18:48:39.422Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#225217","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/225217"},{"name":"22891","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/22891"},{"name":"21060","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21060"},{"name":"20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/451566/100/0/threaded"},{"name":"2785","tags":["exploit","x_refsource_EXPLOIT-DB","x_transferred"],"url":"https://www.exploit-db.com/exploits/2785"},{"name":"21108","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/21108"},{"name":"MS06-067","tags":["vendor-advisory","x_refsource_MS","x_transferred"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2006-11-14T00:00:00.000Z","descriptions":[{"lang":"en","value":"Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2018-10-17T20:57:01.000Z","orgId":"37e5125f-f79b-445b-8fad-9564f167944b","shortName":"certcc"},"references":[{"name":"VU#225217","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/225217"},{"name":"22891","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/22891"},{"name":"21060","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21060"},{"name":"20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/451566/100/0/threaded"},{"name":"2785","tags":["exploit","x_refsource_EXPLOIT-DB"],"url":"https://www.exploit-db.com/exploits/2785"},{"name":"21108","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/21108"},{"name":"MS06-067","tags":["vendor-advisory","x_refsource_MS"],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cert@cert.org","ID":"CVE-2006-3890","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#225217","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/225217"},{"name":"22891","refsource":"SECUNIA","url":"http://secunia.com/advisories/22891"},{"name":"21060","refsource":"BID","url":"http://www.securityfocus.com/bid/21060"},{"name":"20061114 Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/451566/100/0/threaded"},{"name":"2785","refsource":"EXPLOIT-DB","url":"https://www.exploit-db.com/exploits/2785"},{"name":"21108","refsource":"BID","url":"http://www.securityfocus.com/bid/21108"},{"name":"MS06-067","refsource":"MS","url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067"}]}}}},"cveMetadata":{"assignerOrgId":"37e5125f-f79b-445b-8fad-9564f167944b","assignerShortName":"certcc","cveId":"CVE-2006-3890","datePublished":"2006-11-21T22:00:00.000Z","dateReserved":"2006-07-26T00:00:00.000Z","dateUpdated":"2024-08-07T18:48:39.422Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2006-11-21 22:07:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["NVD-CWE-Other","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:C/I:C/A:C","baseScore":9.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":8.6,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":true,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*","matchCriteriaId":"21660198-9790-4706-A792-8CD17E8DC5D3"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*","versionEndIncluding":"10.0","matchCriteriaId":"AE3CDFCE-D565-4FB0-8467-DF4D2E139AB1"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*","matchCriteriaId":"A2ACBE01-B77A-4D09-8FB3-D6365786C44F"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*","matchCriteriaId":"FDE7DCD6-90B3-4259-9BE6-B9F7A30A64AF"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*","matchCriteriaId":"4088C545-249E-47AD-8BF8-A6A2E5B2BF18"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*","matchCriteriaId":"3533CE02-6CC0-4E64-B604-BAA131042C7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*","matchCriteriaId":"523ADB29-C3D5-4C06-89B6-22B5FC68C240"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2006","CveId":"3890","Ordinal":"1","Title":"CVE-2006-3890","CVE":"CVE-2006-3890","Year":"2006"},"notes":[{"CveYear":"2006","CveId":"3890","Ordinal":"1","NoteData":"Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.","Type":"Description","Title":"CVE-2006-3890"},{"CveYear":"2006","CveId":"3890","Ordinal":"2","NoteData":"2006-11-21","Type":"Other","Title":"Published"},{"CveYear":"2006","CveId":"3890","Ordinal":"3","NoteData":"2018-10-17","Type":"Other","Title":"Modified"}]}}}