It's not new at all [CVE-2006-5198] but I noticed that MSF did not have any coverage for Winzip's vulnerable ActiveX methods and the PoC's that I found did not work for me so I put this together last night. The great thing about Winzip is that, like Adobe Acrobat, no one updates it. :-)
[1] WinZip FileView (WZFILEVIEW.FileViewCtrl.61) ActiveX
So run 'svn update' and have fun.
Cheers,
/dean
No comments:
Post a Comment