CVSS: 8.1EPSS: 0%CPEs: 7EXPL: 0CVE-2008-3442
https://notcve.org/view.php?id=CVE-2008-3442
01 Aug 2008 — WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning. WinZip anterior a 11.0 no verifica adecuadamente la autenticidad de las actualizaciones, lo cual permite a atacantes de tipo 'hombre en el medio' (man-in-the-middle) ejecutar código de su elección a través de la actualización de un Caballo de Troya, que se manifiesta en el grado de daño y e... • http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 54%CPEs: 7EXPL: 4CVE-2006-3890 – WinZip 10.0.7245 - FileView ActiveX Buffer Overflow
https://notcve.org/view.php?id=CVE-2006-3890
21 Nov 2006 — Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198. Desbordamiento de búfer basado en la pila en el control ActiveX Sky Software FileView, como el usado en WinZip 10 anterior a build 7245 y en otras ciertas aplicaciones, permite a atacantes remotos ejecutar códig... • https://www.exploit-db.com/exploits/3420 •
CVSS: 9.8EPSS: 2%CPEs: 5EXPL: 1CVE-2004-1465 – WinZip 8.1 - Command Line Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1465
31 Dec 2004 — Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line. • https://www.exploit-db.com/exploits/1034 •
CVSS: 10.0EPSS: 59%CPEs: 11EXPL: 2CVE-2004-0333 – WinZip - MIME Parsing Overflow
https://notcve.org/view.php?id=CVE-2004-0333
18 Mar 2004 — Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. • https://www.exploit-db.com/exploits/272 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2003-1376
https://notcve.org/view.php?id=CVE-2003-1376
31 Dec 2003 — WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder. • http://securityreason.com/securityalert/3265 • CWE-255: Credentials Management Errors •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2001-0449
https://notcve.org/view.php?id=CVE-2001-0449
27 Jun 2001 — Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option. • http://www.securityfocus.com/archive/1/166211 •