Wed, Nov 15 2006 5:58
Don
WinZip FileView ActiveX Control Insecure Methods
Description:
A vulnerability has been reported in WinZip, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to several unspecified insecure methods
in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61). This can
be exploited to execute arbitrary code via a specially crafted web site.
Successful exploitation requires that the user is tricked into visiting a malicious web site.
The vulnerability is reported in WinZip 10.0 versions prior to Build 7245.
Solution:
Update to version 10.0 Build 7245.
Secunia
Filed under: Advisories / Bulletins