CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8811 – WinZip Mark-of-the-Web Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2024-8811
17 Sep 2024 — WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. • https://www.zerodayinitiative.com/advisories/ZDI-24-1234 • CWE-693: Protection Mechanism Failure •
CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3442
https://notcve.org/view.php?id=CVE-2008-3442
01 Aug 2008 — WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. WinZip anterior a 11.0 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, que se manifiesta en el grado de daño y e... • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-0264 – WinZip 9.0 - Command Line Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-0264
16 Jan 2007 — Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Un desbordamiento de búfer en el arc... • https://www.exploit-db.com/exploits/29447 •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 3CVE-2006-6884 – WinZip 10.0.7245 - FileView ActiveX Control Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2006-6884
31 Dec 2006 — Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer en el control WZFILEVIEW.FileViewCtrl.61 ActiveX (también conocido como controlador Sky Software "FileView" ActiveX ) para WinZip 10.0 Build 6667 permite a un atacante remoto ejecutar código de ... • https://www.exploit-db.com/exploits/2783 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 54%CPEs: 7EXPL: 4CVE-2006-3890 – WinZip 10.0.7245 - FileView ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3890
21 Nov 2006 — Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer basado en la pila en el control ActiveX Sky Software FileView, como el usado en WinZip 10 anterior a build 7245 y en otras ciertas aplicaciones, permite a atacantes remotos ejecutar códig... • https://www.exploit-db.com/exploits/3420 •
CVSS: 9.8EPSS: 71%CPEs: 1EXPL: 1CVE-2006-5198 – WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2006-5198
14 Nov 2006 — The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." El control ActiveX WZFILEVIEW.FileViewCtrl.61 (también conocido como control ActiveX Sky Software "FileView") para WinZip 10.0 anterior al build 7245 permite a atacantes remotos ejecutar código de su elección mediante "métodos no seguros" no especificados. This vulnerability allows remote attackers t... • https://www.exploit-db.com/exploits/16607 •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2004-1465 – WinZip 8.1 - Command Line Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1465
31 Dec 2004 — Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line. • https://www.exploit-db.com/exploits/1034 •
CVSS: 10.0EPSS: 8%CPEs: 50EXPL: 1CVE-2004-0234
https://notcve.org/view.php?id=CVE-2004-0234
05 May 2004 — Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive. Múltiples desbordamientos de búfer basados en la pila en la función get_header de header.c de LHA 1.14 utilizado en productos como Barracuda Spam Firewall, permite a atacantes remotos ... • http://archives.neohapsis.com/archives/bugtraq/2006-04/0059.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.1EPSS: 7%CPEs: 50EXPL: 1CVE-2004-0235
https://notcve.org/view.php?id=CVE-2004-0235
05 May 2004 — Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path"). Múltiples vulnerabilidades de atravesamiento de directorios en LHA 1.14 permite a atacantes locales o usuarios locales crear ficheros arbitrarios mediante un archivo LHA conteniendo nombres de fichero con secuencias (1) ".." (punto punto) o (2) rutas abs... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000840 •
CVSS: 10.0EPSS: 59%CPEs: 11EXPL: 2CVE-2004-0333 – WinZip - MIME Parsing Overflow
https://notcve.org/view.php?id=CVE-2004-0333
18 Mar 2004 — Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. • https://www.exploit-db.com/exploits/272 •