TUCoPS :: Windows Apps :: c07-1527.htm

WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow
WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow
WinZip10.0 FileView ActiveX Controls CreateNewFolderFromName Method Buffer overflow


The first flaw is due to errors in the "WZFILEVIEW.FileViewCtrl.61" ActiveX control that does not validate input passed to CreateNewFolderFromName methods,When you pass a long string(length>235),It will bead to buffer overflow .which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
   Because of the prior vuln in FileView ActiveX Control,Micorsoft has disabled this ActiveX Controls,
		     To test this vuln,You can delete the key:
		     [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{A09AE68F-B14D-43ED-B713-BA413F034904}]
         "Compatibility Flags"=dword:00000400
         I have test the exploit on Windows 2000+sp4(CN) and Windows xp+sp2(CN) and Winzip 10.0(6667),you can try other version.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH