The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Sky Software FileView object is an ActiveX control that is provided with several applications, such as WinZip. This ActiveX control contains a buffer overflow vulnerability in the handling of the filepattern property. Exploit code for this vulnerability is publicly available.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
Apply an update
Thanks to Dan Plakosh and Will Dormann of CERT/CC for reporting this vulnerability. Before this vulnerability was able to reach a coordinated disclosure date, this vulnerability was publicly disclosed by Micheal Turner.
This document was written by Will Dormann.
|Date First Published:||2006-11-16|
|Date Last Updated:||2006-11-20 16:35 UTC|