CPNI - Centre for the Protection of National Infrastructure


November 2006

SECUNIA ADVISORY: ID:SA22891 - WinZip FileView ActiveX Control Insecure Methods

ID: 00795
Ref: 754/2006
Date: 16 November 2006:14:22:20
Version: 1

Title: SECUNIA ADVISORY: ID:SA22891 - WinZip FileView ActiveX Control Insecure Methods
Abstract:
Vendors affected: Secunia
Operating systems affected: Secunia
Applications affected: Secunia

Title
=====

SECUNIA ADVISORY: ID:SA22891 - WinZip FileView ActiveX Control Insecure Methods

Detail
======

A vulnerability has been reported in WinZip, which can be exploited
by malicious people to compromise a user's system.
The vulnerability is caused by several unspecified insecure
methods in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61).
This can be exploited to execute arbitrary code via a specially
crafted web site.


----------------------------------------------------------------------

TITLE:
WinZip FileView ActiveX Control Insecure Methods

SECUNIA ADVISORY ID:
SA22891

VERIFY ADVISORY:
http://secunia.com/advisories/22891/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
- From remote

SOFTWARE:
WinZip 10.x
http://secunia.com/product/6294/

DESCRIPTION:
A vulnerability has been reported in WinZip, which can be exploited
by malicious people to compromise a user's system.

The vulnerability is caused by several unspecified insecure
methods in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61).
This can be exploited to execute arbitrary code via a specially
crafted web site.

Successful exploitation requires that the user is tricked into
visiting a malicious web site.

The vulnerability is reported in WinZip 10.0 versions prior to Build
7245.

SOLUTION:
Update to version 10.0 Build 7245.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via ZDI.

ORIGINAL ADVISORY:
WinZip:
http://www.winzip.com/wz7245.htm

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
