WinZip FileView ActiveX Control Multiple Vulnerabilities
Secunia Advisory: SA22891
Release Date: 2006-11-15
Last Update: 2006-11-16
Software: WinZip 10.x
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Some vulnerabilities have been reported in WinZip, which can be exploited by malicious people to compromise a user's system.
1) Several unspecified insecure methods exist in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61). This can be exploited to execute arbitrary code when a user, for example, visits a malicious website.
2) A boundary error in the FileView ActiveX control within the handling of the "filepattern" property can be exploited to cause a buffer overflow.
The vulnerabilities are reported in WinZip 10.0 versions prior to Build 7245.
Solution: Update to version 10.0 Build 7245.
Original Advisory: WinZip: http://www.winzip.com/wz7245.htm
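
To check whether a host still exposes the control named above, the following added example (not part of the Secunia advisory or WinZip's own tooling) resolves the ProgID from the advisory to its locally registered CLSID and reports the implementing binary, its file version, and the Internet Explorer kill-bit state. The function name is hypothetical, and the kill bit is a standard Internet Explorer mechanism that the advisory itself does not mention.

```powershell
# Added example: inventory check for the control named in the advisory.
$ProgId = 'WZFILEVIEW.FileViewCtrl.61'   # ProgID as printed in the advisory

function Get-ActiveXControlStatus {      # hypothetical helper name
    param([Parameter(Mandatory)][string]$ProgId)

    # ProgID -> CLSID. The CLSID is read from the local registry, not assumed.
    $progKey = "Registry::HKEY_CLASSES_ROOT\$ProgId\CLSID"
    if (-not (Test-Path -LiteralPath $progKey)) {
        return [pscustomobject]@{ ProgId = $ProgId; Registered = $false }
    }
    $clsid = (Get-Item -LiteralPath $progKey).GetValue('')

    # A 32-bit control on 64-bit Windows registers under WOW6432Node, so check both views.
    $views = @(
        @{ Name = 'native'; Classes = 'Registry::HKEY_CLASSES_ROOT\CLSID'
           Compat = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility' },
        @{ Name = 'wow64'; Classes = 'Registry::HKEY_CLASSES_ROOT\WOW6432Node\CLSID'
           Compat = 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility' }
    )
    foreach ($v in $views) {
        $serverKey = "$($v.Classes)\$clsid\InprocServer32"
        if (-not (Test-Path -LiteralPath $serverKey)) { continue }

        # Path of the binary that implements the control, and its file version.
        $raw  = (Get-Item -LiteralPath $serverKey).GetValue('')
        $path = [Environment]::ExpandEnvironmentVariables("$raw".Trim('"'))
        $ver  = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-Item -LiteralPath $path).VersionInfo.FileVersion
        }

        # Kill bit: bit 0x400 of "Compatibility Flags" stops Internet Explorer loading the control.
        $flags = (Get-ItemProperty -LiteralPath "$($v.Compat)\$clsid" `
                    -Name 'Compatibility Flags' -ErrorAction SilentlyContinue).'Compatibility Flags'

        [pscustomobject]@{
            ProgId = $ProgId; Registered = $true; View = $v.Name; Clsid = $clsid
            Server = $path; FileVersion = $ver
            KillBitSet = [bool]($flags -band 0x400)
        }
    }
}

Get-ActiveXControlStatus -ProgId $ProgId | Format-List
```

The advisory does not state how the control's file version maps to Build 7245, so treat `FileVersion` as a lead and confirm the installed WinZip build directly.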