Описание
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
Ссылки
- ExploitPatchVendor Advisory
- PatchUS Government Resource
- ExploitPatch
- ExploitPatchVendor Advisory
- PatchUS Government Resource
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1Версия до 10.0 (включая)
Одно из
cpe:2.3:a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.49555
Средний
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
EPSS
Процентиль: 98%
0.49555
Средний
9.3 Critical
CVSS2
Дефекты
NVD-CWE-Other