Tuesday, January 13, 2009

Winzip FileView ActiveX Exploit

It's not new at all [CVE-2006-5198] but I noticed that MSF did not have any coverage for Winzip's vulnerable ActiveX methods and the PoC's that I found did not work for me so I put this together last night. The great thing about Winzip is that, like Adobe Acrobat, no one updates it. :-)

[1] WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX

So run 'svn update' and have fun.

dean de beer

No comments: