TITLE:
WinZip FileView ActiveX Control Insecure Methods

SECUNIA ADVISORY ID:
SA22891

VERIFY ADVISORY:
http://secunia.com/advisories/22891/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WinZip 10.x
http://secunia.com/product/6294/

DESCRIPTION:
A vulnerability has been reported in WinZip, which can be exploited
by malicious people to compromise a user's system.

The vulnerability is caused due to several unspecified insecure
methods in the FileView ActiveX control
(WZFILEVIEW.FileViewCtrl.61). This can be exploited to execute
arbitrary code via a specially crafted web site.

Successful exploitation requires that the user is tricked into
visiting a malicious web site.

The vulnerability is reported in WinZip 10.0 versions prior to Build
7245.

SOLUTION:
Update to version 10.0 Build 7245.

PROVIDED AND/OR DISCOVERED BY:
Discovered by an anonymous person and reported via ZDI.

ORIGINAL ADVISORY:
WinZip:
http://www.winzip.com/wz7245.htm

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-06-040.html