WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
BID:21060
Info
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
| Bugtraq ID: | 21060 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-5198 CVE-2006-3890 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 14 2006 12:00AM |
| Updated: | Nov 02 2007 04:26PM |
| Credit: | The discoverer of this issue wishes to remain anonymous. |
| Vulnerable: |
WinZip WinZip 10.0 |
| Not Vulnerable: |
WinZip WinZip 10.0 Build 7245 |
Discussion
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
WinZip is prone to multiple remote code-execution vulnerabilities in an ActiveX control that is installed with the package.
Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
WinZip versions in the 10.0 series prior to build 7245 are vulnerable to these issues.
WinZip is prone to multiple remote code-execution vulnerabilities in an ActiveX control that is installed with the package.
Exploiting these issues allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control and possibly to compromise affected computers.
WinZip versions in the 10.0 series prior to build 7245 are vulnerable to these issues.
Exploit / POC
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
Reports indicate this issue is being exploited in the wild.
UPDATE - CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Reports indicate this issue is being exploited in the wild.
UPDATE - CORE has developed a working commercial exploit for their IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Solution / Fix
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
Solution:
The vendor has released a fixed version of WinZip to address this issue. Please see the references for information on obtaining and applying fixes.
UPDATE: Reportedly, fixes included in Microsoft's security advisory MS06-067 set the kill bit for the vulnerable ActiveX control.
Solution:
The vendor has released a fixed version of WinZip to address this issue. Please see the references for information on obtaining and applying fixes.
UPDATE: Reportedly, fixes included in Microsoft's security advisory MS06-067 set the kill bit for the vulnerable ActiveX control.
References
WinZip WZFileView.FileViewCtrl.61 ActiveX Control Multiple Remote Code Execution Vulnerabilities
References:
References:
- Handler's Diary November 15th 2006 (SANS)
- WinZip 10.0 Build 7245 (WinZip)
- WinZip Homepage (WinZip)
- Re: ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerabi (Micheal Turner
) - WinZip FileView ActiveX controls CreateNewFolderFromName Method Buffer Overflow ([email protected])
- WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overf ([email protected])
- ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability ([email protected])