CVE-2006-3890
🔴 Patch now
A buffer overflow in the Sky Software FileView ActiveX control allows remote code execution.
CVSS
9.3
EPSS
49.5%
Exploit
poc
Vendor
winzip
Source description (NVD)
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
buffer-overflow exploit
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 9.3 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 49.5% |
| Published (NVD) | 2006-11-21 22:07:00 UTC |
| Last modified (NVD) | 2026-04-23 00:35:47 UTC |
References
- http://secunia.com/advisories/22891 (cret@cert.org) [Exploit, Patch, Vendor Advisory]
- http://www.kb.cert.org/vuls/id/225217 (cret@cert.org) [Patch, US Government Resource]
- http://www.securityfocus.com/archive/1/451566/100/0/threaded (cret@cert.org)
- http://www.securityfocus.com/bid/21060 (cret@cert.org) [Exploit, Patch]
- http://www.securityfocus.com/bid/21108 (cret@cert.org)
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 (cret@cert.org)
- https://www.exploit-db.com/exploits/2785 (cret@cert.org)