Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2006-5198 | First vendor Publication | 2006-11-14 |
Vendor | Cve | Last vendor Modification | 2018-10-17 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:P/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 4.9 | Attack Complexity | High |
Cvss Expoit Score | 4.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5198 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
SAINT Exploits
Description | Link |
---|---|
WinZip FileView ActiveX control unsafe method | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-07-16 | Internet Explorer Daxctle.OCX KeyFrame Method Heap Buffer Overflow Vulnerability |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
30433 | WinZip WZFILEVIEW.FileViewCtrl.61 Unspecified Remote Code Execution A buffer overflow exists in WinZip. The WZFILEVIEW.FileViewCtrl.61 ActiveX control fails to validate data passed to the CreateNewFolderFromName method resulting in a buffer overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | WinZip FileView 6.1 ActiveX function call access RuleID : 9131 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | WinZip FileView 6.1 ActiveX clsid unicode access RuleID : 9130 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | WinZip FileView 6.1 ActiveX clsid access RuleID : 9129 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX function call a... RuleID : 8845 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAArray.1 ActiveX CLSID unicode access RuleID : 8844 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAArray.1 ActiveX clsid access RuleID : 8843 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX function call a... RuleID : 8842 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABbox2.1 ActiveX CLSID unicode access RuleID : 8841 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox2.1 ActiveX clsid access RuleID : 8840 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX function call a... RuleID : 8839 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABbox3.1 ActiveX CLSID unicode access RuleID : 8838 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABbox3.1 ActiveX clsid access RuleID : 8837 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX function call... RuleID : 8836 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DABoolean.1 ActiveX CLSID unicode access RuleID : 8835 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DABoolean.1 ActiveX clsid access RuleID : 8834 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX function call ... RuleID : 8833 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DACamera.1 ActiveX CLSID unicode access RuleID : 8832 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DACamera.1 ActiveX clsid access RuleID : 8831 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX function call a... RuleID : 8830 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAColor.1 ActiveX CLSID unicode access RuleID : 8829 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAColor.1 ActiveX clsid access RuleID : 8828 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX function ca... RuleID : 8827 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DADashStyle.1 ActiveX CLSID unicode access RuleID : 8826 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DADashStyle.1 ActiveX clsid access RuleID : 8825 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX function cal... RuleID : 8824 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAGeometry.1 ActiveX CLSID unicode access RuleID : 8823 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAGeometry.1 ActiveX clsid access RuleID : 8822 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX function call a... RuleID : 8821 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAImage.1 ActiveX CLSID unicode access RuleID : 8820 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAImage.1 ActiveX clsid access RuleID : 8819 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX function ca... RuleID : 8818 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAJoinStyle.1 ActiveX CLSID unicode access RuleID : 8817 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAJoinStyle.1 ActiveX clsid access RuleID : 8816 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX function ca... RuleID : 8815 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DALineStyle.1 ActiveX CLSID unicode access RuleID : 8814 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DALineStyle.1 ActiveX clsid access RuleID : 8813 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX function call a... RuleID : 8812 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMatte.1 ActiveX CLSID unicode access RuleID : 8811 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMatte.1 ActiveX clsid access RuleID : 8810 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX function c... RuleID : 8809 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMicrophone.1 ActiveX CLSID unicode access RuleID : 8808 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMicrophone.1 ActiveX clsid access RuleID : 8807 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX function call... RuleID : 8806 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAMontage.1 ActiveX CLSID unicode access RuleID : 8805 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAMontage.1 ActiveX clsid access RuleID : 8804 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX function call ... RuleID : 8803 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DANumber.1 ActiveX CLSID unicode access RuleID : 8802 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DANumber.1 ActiveX clsid access RuleID : 8801 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX function call ac... RuleID : 8800 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPair.1 ActiveX CLSID unicode access RuleID : 8799 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPair.1 ActiveX clsid access RuleID : 8798 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX function call a... RuleID : 8797 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPath2.1 ActiveX CLSID unicode access RuleID : 8796 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPath2.1 ActiveX clsid access RuleID : 8795 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX function call ... RuleID : 8794 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPoint2.1 ActiveX CLSID unicode access RuleID : 8793 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint2.1 ActiveX clsid access RuleID : 8792 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX function call ... RuleID : 8791 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAPoint3.1 ActiveX CLSID unicode access RuleID : 8790 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAPoint3.1 ActiveX clsid access RuleID : 8789 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX function call a... RuleID : 8788 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DASound.1 ActiveX CLSID unicode access RuleID : 8787 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DASound.1 ActiveX clsid access RuleID : 8786 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX function call ... RuleID : 8785 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAString.1 ActiveX CLSID unicode access RuleID : 8784 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAString.1 ActiveX clsid access RuleID : 8783 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX function c... RuleID : 8782 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DATransform2.1 ActiveX CLSID unicode access RuleID : 8781 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform2.1 ActiveX clsid access RuleID : 8780 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX function c... RuleID : 8779 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DATransform3.1 ActiveX CLSID unicode access RuleID : 8778 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DATransform3.1 ActiveX clsid access RuleID : 8777 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX function cal... RuleID : 8776 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAUserData.1 ActiveX CLSID unicode access RuleID : 8775 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAUserData.1 ActiveX clsid access RuleID : 8774 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX function call... RuleID : 8773 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAVector2.1 ActiveX CLSID unicode access RuleID : 8772 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector2.1 ActiveX clsid access RuleID : 8771 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX function call... RuleID : 8770 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAVector3.1 ActiveX CLSID unicode access RuleID : 8769 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAVector3.1 ActiveX clsid access RuleID : 8768 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX function call ac... RuleID : 8767 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAView.1 ActiveX CLSID unicode access RuleID : 8766 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAView.1 ActiveX clsid access RuleID : 8765 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.Sequence ActiveX function call ac... RuleID : 8764 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.Sequence ActiveX CLSID unicode access RuleID : 8763 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.Sequence ActiveX clsid access RuleID : 8762 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX function... RuleID : 8761 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.SequencerControl ActiveX CLSID unicode access RuleID : 8760 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SequencerControl ActiveX clsid ac... RuleID : 8759 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX function ca... RuleID : 8758 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.SpriteControl ActiveX CLSID unicode access RuleID : 8757 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.SpriteControl ActiveX clsid access RuleID : 8756 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX function call access RuleID : 8755 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | LM.AutoEffectBvr.1 ActiveX CLSID unicode access RuleID : 8754 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer LM.AutoEffectBvr.1 ActiveX clsid access RuleID : 8753 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX function call access RuleID : 8752 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | LM.LMBehaviorFactory.1 ActiveX CLSID unicode access RuleID : 8751 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer LM.LMBehaviorFactory.1 ActiveX clsid access RuleID : 8750 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX function cal... RuleID : 8749 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAEndStyle.1 ActiveX CLSID unicode access RuleID : 8748 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEndStyle.1 ActiveX clsid access RuleID : 8747 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX function call a... RuleID : 8746 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAEvent.1 ActiveX CLSID unicode access RuleID : 8745 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAEvent.1 ActiveX clsid access RuleID : 8744 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX function ca... RuleID : 8743 - Revision : 15 - Type : BROWSER-PLUGINS |
2014-01-10 | DirectAnimation.DAFontStyle.1 ActiveX CLSID unicode access RuleID : 8742 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DirectAnimation.DAFontStyle.1 ActiveX clsid access RuleID : 8741 - Revision : 16 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Windows DirectAnimation.StructuredGraphicsControl ActiveX function ... RuleID : 7009 - Revision : 17 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer daxctle.ocx spline method buffer overflow attempt RuleID : 19885 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | WinZip FileView 6.1 ActiveX function call unicode access RuleID : 18169 - Revision : 3 - Type : WEB-ACTIVEX |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-11-15 | Name : The remote Windows host has an ActiveX control that is affected by arbitrary ... File : winzip_fileview_activex_code_exec.nasl - Type : ACT_GATHER_INFO |
2006-11-14 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms06-067.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:04:41 |
|
2021-04-22 01:05:19 |
|
2020-05-23 13:16:47 |
|
2020-05-23 00:18:30 |
|
2018-10-18 00:19:44 |
|
2018-10-13 00:22:35 |
|
2016-04-26 15:09:50 |
|
2014-02-17 10:37:28 |
|
2014-01-19 21:23:36 |
|
2013-05-11 11:11:20 |
|