CVE-2003-1376
Severity Score
4.6
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2003-12-31 CVE Published
- 2007-10-18 CVE Reserved
- 2023-03-08 EPSS Updated
- 2024-08-08 CVE Updated
- 2024-08-08 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://securityreason.com/securityalert/3265 | Third Party Advisory | |
| http://www.securityfocus.com/bid/6805 | Vdb Entry | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11296 | Vdb Entry |
| URL | Date | SRC |
|---|---|---|
| http://www.securityfocus.com/archive/1/311059 | 2024-08-08 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|