WinZip FileView ActiveX Control Vulnerabilities
High Nessus Plugin ID 23648
Synopsis
The remote Windows host has an ActiveX control that is affected by arbitrary code execution and buffer overflow vulnerabilities.
Description
The remote host contains a version of the 'FileView' ActiveX control from Sky Software that is included in third-party products such as WinZip.
The version of this ActiveX control on the remote host reportedly exposes several methods that either can be used to execute arbitrary code or are affected by buffer overflow vulnerabilities. If an attacker can trick a user on the affected host into visiting a specially crafted web page, he can leverage these issues to execute arbitrary code on the host subject to the user's privileges.
Solution
Upgrade to version 6.1.7242.0 or later of the control or WinZip 10 build 7245 or later.