Vulnerability Description
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sky Software | Fileview Activex Control | All versions |
| Winzip | Winzip | <= 10.0 |
References
- http://secunia.com/advisories/22891ExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/225217PatchUS Government Resource
- http://www.securityfocus.com/archive/1/451566/100/0/threaded
- http://www.securityfocus.com/bid/21060ExploitPatch
- http://www.securityfocus.com/bid/21108
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-06
- https://www.exploit-db.com/exploits/2785
- http://secunia.com/advisories/22891ExploitPatchVendor Advisory
- http://www.kb.cert.org/vuls/id/225217PatchUS Government Resource
- http://www.securityfocus.com/archive/1/451566/100/0/threaded
- http://www.securityfocus.com/bid/21060ExploitPatch
- http://www.securityfocus.com/bid/21108
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-06
- https://www.exploit-db.com/exploits/2785
FAQ
What is CVE-2006-3890?
CVE-2006-3890 is a vulnerability with a CVSS score of 9.3 (HIGH). Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code vi...
How severe is CVE-2006-3890?
CVE-2006-3890 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3890?
Check the references section above for vendor advisories and patch information. Affected products include: Sky Software Fileview Activex Control, Winzip Winzip.