Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-3890 | First vendor Publication | 2006-11-21 |
Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3890 |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2010-07-16 | Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30432 | WinZip FileView ActiveX filepattern Property Overflow |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | WinZip FileView 6.1 ActiveX function call access RuleID : 9131 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | WinZip FileView 6.1 ActiveX clsid unicode access RuleID : 9130 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | WinZip FileView 6.1 ActiveX clsid access RuleID : 9129 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call a... RuleID : 8845 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAArray.1 ActiveX CLSID unicode access RuleID : 8844 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access RuleID : 8843 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call a... RuleID : 8842 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABbox2.1 ActiveX CLSID unicode access RuleID : 8841 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access RuleID : 8840 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call a... RuleID : 8839 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABbox3.1 ActiveX CLSID unicode access RuleID : 8838 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access RuleID : 8837 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call... RuleID : 8836 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABoolean.1 ActiveX CLSID unicode access RuleID : 8835 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access RuleID : 8834 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call ... RuleID : 8833 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DACamera.1 ActiveX CLSID unicode access RuleID : 8832 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access RuleID : 8831 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call a... RuleID : 8830 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAColor.1 ActiveX CLSID unicode access RuleID : 8829 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access RuleID : 8828 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function ca... RuleID : 8827 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DADashStyle.1 ActiveX CLSID unicode access RuleID : 8826 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access RuleID : 8825 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function cal... RuleID : 8824 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAGeometry.1 ActiveX CLSID unicode access RuleID : 8823 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access RuleID : 8822 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call a... RuleID : 8821 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAImage.1 ActiveX CLSID unicode access RuleID : 8820 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access RuleID : 8819 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function ca... RuleID : 8818 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAJoinStyle.1 ActiveX CLSID unicode access RuleID : 8817 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access RuleID : 8816 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function ca... RuleID : 8815 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DALineStyle.1 ActiveX CLSID unicode access RuleID : 8814 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access RuleID : 8813 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call a... RuleID : 8812 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMatte.1 ActiveX CLSID unicode access RuleID : 8811 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access RuleID : 8810 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function c... RuleID : 8809 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMicrophone.1 ActiveX CLSID unicode access RuleID : 8808 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access RuleID : 8807 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call... RuleID : 8806 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMontage.1 ActiveX CLSID unicode access RuleID : 8805 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access RuleID : 8804 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call ... RuleID : 8803 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DANumber.1 ActiveX CLSID unicode access RuleID : 8802 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access RuleID : 8801 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call ac... RuleID : 8800 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPair.1 ActiveX CLSID unicode access RuleID : 8799 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access RuleID : 8798 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call a... RuleID : 8797 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPath2.1 ActiveX CLSID unicode access RuleID : 8796 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access RuleID : 8795 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call ... RuleID : 8794 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPoint2.1 ActiveX CLSID unicode access RuleID : 8793 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access RuleID : 8792 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call ... RuleID : 8791 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPoint3.1 ActiveX CLSID unicode access RuleID : 8790 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access RuleID : 8789 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call a... RuleID : 8788 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DASound.1 ActiveX CLSID unicode access RuleID : 8787 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access RuleID : 8786 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call ... RuleID : 8785 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAString.1 ActiveX CLSID unicode access RuleID : 8784 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access RuleID : 8783 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function c... RuleID : 8782 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DATransform2.1 ActiveX CLSID unicode access RuleID : 8781 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access RuleID : 8780 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function c... RuleID : 8779 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DATransform3.1 ActiveX CLSID unicode access RuleID : 8778 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access RuleID : 8777 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function cal... RuleID : 8776 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAUserData.1 ActiveX CLSID unicode access RuleID : 8775 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access RuleID : 8774 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call... RuleID : 8773 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAVector2.1 ActiveX CLSID unicode access RuleID : 8772 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access RuleID : 8771 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call... RuleID : 8770 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAVector3.1 ActiveX CLSID unicode access RuleID : 8769 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access RuleID : 8768 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call ac... RuleID : 8767 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAView.1 ActiveX CLSID unicode access RuleID : 8766 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access RuleID : 8765 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call ac... RuleID : 8764 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.Sequence ActiveX CLSID unicode access RuleID : 8763 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access RuleID : 8762 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function... RuleID : 8761 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.SequencerControl ActiveX CLSID unicode access RuleID : 8760 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid ac... RuleID : 8759 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function ca... RuleID : 8758 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.SpriteControl ActiveX CLSID unicode access RuleID : 8757 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access RuleID : 8756 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access RuleID : 8755 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | LM.AutoEffectBvr.1 ActiveX CLSID unicode access RuleID : 8754 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access RuleID : 8753 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access RuleID : 8752 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | LM.LMBehaviorFactory.1 ActiveX CLSID unicode access RuleID : 8751 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access RuleID : 8750 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function cal... RuleID : 8749 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAEndStyle.1 ActiveX CLSID unicode access RuleID : 8748 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access RuleID : 8747 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call a... RuleID : 8746 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAEvent.1 ActiveX CLSID unicode access RuleID : 8745 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access RuleID : 8744 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function ca... RuleID : 8743 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAFontStyle.1 ActiveX CLSID unicode access RuleID : 8742 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access RuleID : 8741 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function ... RuleID : 7009 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt RuleID : 19885 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | WinZip FileView 6.1 ActiveX function call unicode access RuleID : 18169 - Revision : 3 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-15 | Name : The remote Windows host has an ActiveX control that is affected by arbitrary ... File : winzip_fileview_activex_code_exec.nasl - Type : ACT_GATHER_INFO |
2006-11-14 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms06-067.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-05 01:02:39 |
|
2021-05-04 12:04:22 |
|
2021-04-22 01:05:01 |
|
2020-05-24 01:02:35 |
|
2020-05-23 00:18:09 |
|
2018-10-18 00:19:37 |
|
2018-10-13 00:22:35 |
|
2017-10-19 09:23:49 |
|
2016-04-26 14:54:42 |
|
2014-02-17 10:36:44 |
|
2014-01-19 21:23:27 |
|
2013-05-11 11:05:07 |
|