CVE-2008-3442
https://notcve.org/view.php?id=CVE-2008-3442
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. WinZip anterior a 11.0 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, que se manifiesta en el grado de daño y el envenenamiento de la caché DNS. • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html http://securitytracker.com/id?1020581 http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2007-0264 – WinZip 9.0 - Command Line Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2007-0264
Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Un desbordamiento de búfer en el archivo Winzip32.exe en WinZip versión 9.0, permite a los usuarios locales causar una denegación de servicio (bloqueo de aplicación) y posiblemente ejecutar código arbitrario por medio de un argumento largo de línea de comando. NOTA: este problema puede cruzar los límites de privilegios si una aplicación invoca automáticamente el archivo Winzip32.exe para nombres de archivos de entrada no confiables, como en el caso de una aplicación de carga de archivos. • https://www.exploit-db.com/exploits/29447 http://osvdb.org/39800 http://www.securityfocus.com/bid/22020 •
CVE-2006-3890 – WinZip 10.0.7245 - FileView ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3890
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer basado en la pila en el control ActiveX Sky Software FileView, como el usado en WinZip 10 anterior a build 7245 y en otras ciertas aplicaciones, permite a atacantes remotos ejecutar código de su elección mediante un atributo FilePattern largo en un objeto WZFILEVIEW, una vulnerabilidad diferente que CVE-2006-5198. • https://www.exploit-db.com/exploits/3420 http://secunia.com/advisories/22891 http://www.kb.cert.org/vuls/id/225217 http://www.securityfocus.com/archive/1/451566/100/0/threaded http://www.securityfocus.com/bid/21060 http://www.securityfocus.com/bid/21108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2006/ms06-067 https://www.exploit-db.com/exploits/2785 •
CVE-2006-5198 – WinZip FileView ActiveX Control Unsafe Method Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2006-5198
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods." El control ActiveX WZFILEVIEW.FileViewCtrl.61 (también conocido como control ActiveX Sky Software "FileView") para WinZip 10.0 anterior al build 7245 permite a atacantes remotos ejecutar código de su elección mediante "métodos no seguros" no especificados. This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific flaw exists within the ActiveX control WZFILEVIEW.FileViewCtrl.61, CLSID: A09AE68F-B14D-43ED-B713-BA413F034904 A re-branded version of the "FileView" ActiveX control developed by Sky Software. The object is marked "Safe for Scripting" and exposes several unsafe methods which can be leveraged to result in arbitrary code execution with no further interaction. • https://www.exploit-db.com/exploits/16607 http://isc.sans.org/diary.php?storyid=1861 http://secunia.com/advisories/22891 http://securitytracker.com/id?1017226 http://www.kb.cert.org/vuls/id/512804 http://www.securityfocus.com/archive/1/451589/100/0/threaded http://www.securityfocus.com/bid/21060 http://www.vupen.com/english/advisories/2006/4509 http://www.winzip.com/wz7245.htm http://www.zerodayinitiative.com/advisories/ZDI-06-040.html https://docs.microsoft.com •
CVE-2004-1465 – WinZip 8.1 - Command Line Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1465
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line. • https://www.exploit-db.com/exploits/1034 http://marc.info/?l=bugtraq&m=109416099301369&w=2 http://securitytracker.com/id?1011132 http://www.ciac.org/ciac/bulletins/o-211.shtml http://www.securityfocus.com/bid/11092 http://www.winzip.com/wz90sr1.htm https://exchange.xforce.ibmcloud.com/vulnerabilities/17192 https://exchange.xforce.ibmcloud.com/vulnerabilities/17197 •