WinZip FileView ActiveX control unsafe method

Published 2006-11-27T00:00:00
ID SAINT:6C01AA42FC8CFE7B63DB5735ED08E61D
Type saint
Reporter SAINT Corporation
Modified 2006-11-27T00:00:00

Description

Added: 11/27/2006
CVE: CVE-2006-5198
BID: 21060
OSVDB: 30433

Background

WinZip includes the FileView ActiveX control which provides a user interface similar to the file view pane in Windows Explorer.

Problem

The FileView ActiveX control is marked "safe for scripting" and exposes several unsafe methods which can be used to execute arbitrary commands.

Resolution

Upgrade to WinZip 10.0 Build 7245 or later, or to WinZip 11.0 or later.

References

<http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0247.html>

Limitations

Exploit works on WinZip 10.0 Build 6667 and requires a user to load the exploit page in Internet Explorer.

Platforms

Windows 2000
Windows XP SP0 / Windows XP SP1
Windows XP SP2 / Windows XP