CVE-2006-5198
published 2006-11-14

Priority: P343
Severity: medium, 4 (CVSS 2.0)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
EXPLOIT
EPSS: 60.20% (99.0th percentile)

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

Affected

7 ranges

Vendor    Product   Version range   Fixed in
winzip    winzip    <= 10.0
winzip    winzip
winzip    winzip
winzip    winzip
winzip    winzip
winzip    winzip
winzip    winzip

Detection & IOCs (extracted from sources)

other: {A09AE68F-B14D-43ED-B713-BA413F034904}
other: WZFILEVIEW.FileViewCtrl.61
command: CreateNewFolderFromName
other: 0x0c0c0c0c

  • Detect instantiation of the vulnerable ActiveX control by its CLSID {A09AE68F-B14D-43ED-B713-BA413F034904} in web content or registry
  • Monitor for calls to the CreateNewFolderFromName method on the WZFILEVIEW.FileViewCtrl.61 ActiveX control, especially with long string arguments, as this is the exploited method
  • The exploit uses a heap-spray return address of 0x0c0c0c0c targeting Windows XP SP0-SP2 with IE 6/7; look for this value in memory or network payloads
  • The control is marked safe for scripting and safe for initialization, meaning it can be silently instantiated from a web page; inspect HTML/JS for object tags referencing the CLSID or ProgID WZFILEVIEW.FileViewCtrl.61
  • The Metasploit module targets only Windows XP SP0-SP2 with IE 6.0 SP0-SP2 or IE 7; exploitation on other platforms is not confirmed by this module
  • Affected versions are WinZip 10.0 up to and including Build 6667; builds beyond 6667 may not be vulnerable to CVE-2006-5198 (note: CVE-2006-6884 is a distinct but related vulnerability in the same control)
  • CVE-2006-6884 is a different vulnerability in the same ActiveX control (CreateNewFolderFromName) and should not be confused with CVE-2006-5198
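
The content-inspection checks listed above, sketched as a static scanner for HTML/JS. This is an added example, not code from this page or from any vendor tool. The function names, the 256-character "long argument" threshold, the %u-escaped form of the spray value and the sample pages are assumptions made for illustration.

```python
import re

# Indicators as listed on this page.
CLSID = "A09AE68F-B14D-43ED-B713-BA413F034904"
PROGID = "WZFILEVIEW.FileViewCtrl.61"
METHOD = "CreateNewFolderFromName"
LONG_ARG = 256  # assumption: literal arguments this long count as "long"

PATTERNS = {
    "clsid": re.compile(r"clsid\s*:\s*\{?" + re.escape(CLSID), re.I),
    "progid": re.compile(re.escape(PROGID), re.I),
    "method_call": re.compile(r"\.\s*" + METHOD + r"\s*\(", re.I),
    # assumption: the address shows up as a hex literal or %u-escaped words
    "spray_value": re.compile(r"0x0c0c0c0c|(?:%u0c0c){2}", re.I),
}
LITERAL_ARG = re.compile(METHOD + r"\s*\(\s*([\"'])(.*?)\1", re.I | re.S)
CONCAT = re.compile(r"[\"']\s*\+\s*[\"']")  # "WZFILEVIEW." + "FileViewCtrl.61"


def scan(content):
    """Return the sorted names of indicators found in HTML/JS text."""
    text = CONCAT.sub("", content)  # undo simple string splitting
    hits = {name for name, rx in PATTERNS.items() if rx.search(text)}
    if any(len(m.group(2)) >= LONG_ARG for m in LITERAL_ARG.finditer(text)):
        hits.add("long_literal_arg")
    return sorted(hits)


def verdict(hits):
    """'block' = control instantiated and method called; 'review' = partial."""
    instantiated = "clsid" in hits or "progid" in hits
    if instantiated and "method_call" in hits:
        return "block"
    return "review" if hits else "clean"


# Constructed sample pages (not captured traffic).
SAMPLES = {
    "object_tag": '<object classid="clsid:a09ae68f-b14d-43ed-b713-ba413f034904"'
                  ' id="fv"></object><script>fv.CreateNewFolderFromName("'
                  + "A" * 300 + '");</script>',
    "split_progid": '<script>var o = new ActiveXObject("WZFILEVIEW." + '
                    '"FileViewCtrl.61");</script>',
    "benign": "<p>WinZip release notes</p>",
}

if __name__ == "__main__":
    for name, page in SAMPLES.items():
        print(name, verdict(scan(page)), scan(page))
```

Matching is case-insensitive and rejoins simple string concatenation, so a lower-cased CLSID or a ProgID split across two literals is still reported; arguments built at run time are not measured by the literal-length check.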

CVSS provenance

nvd: v2.0, 4.0 MEDIUM, AV:N/AC:H/Au:N/C:P/I:P/A:N
vulncheck: 4.0 MEDIUM