Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
BID:21108
Info
Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
| Bugtraq ID: | 21108 |
| Class: | Access Validation Error |
| CVE: |
CVE-2006-3890 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 15 2006 12:00AM |
| Updated: | Nov 02 2007 04:26PM |
| Credit: | Dan Plakosh and Will Dormann of CERT/CC reported this issue. It was also disclosed by Micheal Turner. |
| Vulnerable: |
WinZip WinZip 10.0 Sky Software FileView ActiveX Control 0 |
| Not Vulnerable: |
WinZip WinZip 10.0 Build 7245 |
Discussion
Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
Sky Software FileView is prone to a remote code-execution vulnerability.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control. Attackers may be able to compromise affected computers.
Sky Software FileView is included with several applications including WinZip. Versions of WinZip in the 10.0 series prior to build 7245 are vulnerable to this issue. Other unspecified packages may also include the affected ActiveX controls.
This issue is different from the one described in BID 21060 (WinZip ActiveX Control Remote Code Execution Vulnerability).
Sky Software FileView is prone to a remote code-execution vulnerability.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of applications using the affected ActiveX control. Attackers may be able to compromise affected computers.
Sky Software FileView is included with several applications including WinZip. Versions of WinZip in the 10.0 series prior to build 7245 are vulnerable to this issue. Other unspecified packages may also include the affected ActiveX controls.
This issue is different from the one described in BID 21060 (WinZip ActiveX Control Remote Code Execution Vulnerability).
Exploit / POC
Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
UPDATE: Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
WinZip has released fixes to address this issue. Please see the references for information on obtaining and applying fixes.
Due to the similarity of this issue to the one described in BID 21060, fixes included in Microsoft's security advisory MS06-067 may set the kill bit for the vulnerable ActiveX control. Symantec has not confirmed this.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
WinZip has released fixes to address this issue. Please see the references for information on obtaining and applying fixes.
Due to the similarity of this issue to the one described in BID 21060, fixes included in Microsoft's security advisory MS06-067 may set the kill bit for the vulnerable ActiveX control. Symantec has not confirmed this.
References
Sky Software FileView ActiveX Control Remote Code Execution Vulnerability
References:
References:
- Handler's Diary November 15th 2006 (SANS)
- Vulnerability Note VU#225217 (US-CERT)
- WinZip 10.0 Build 7245 (WinZip)
- WinZip Homepage (WinZip)