Unrated severityNVD Advisory· Published Nov 21, 2006· Updated Apr 23, 2026

CVE-2006-3890

Description

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.

Affected products

Sky Software/Fileview Activex Control
cpe:2.3:a:sky_software:fileview_activex_control:*:*:*:*:*:*:*:*
Winzip/Winzip6 versions
cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*range: <=10.0
- cpe:2.3:a:winzip:winzip:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.1:*:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:8.1:sr1:*:*:*:*:*:*
- cpe:2.3:a:winzip:winzip:9.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.kb.cert.org/vuls/id/225217nvdPatchUS Government Resource
secunia.com/advisories/22891nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/21060nvdExploitPatch
www.securityfocus.com/archive/1/451566/100/0/threadednvd
www.securityfocus.com/bid/21108nvd
docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067nvd
www.exploit-db.com/exploits/2785nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.040
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000