Reported February 28, 2004 by iDefense.

VERSIONS AFFECTED

  • WinZip 9.0 latest beta
  • WinZip 8.1 Service Release-1 (SR-1), possibly earlier versions

DESCRIPTION

A buffer overflow vulnerability in WinZip can result in arbitrary code execution on the vulnerable system. The vulnerability results from a flaw in the parameter parsing routine: WinZip crashes when long strings are supplied for certain parameters of MIME archives (files with the .mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions).
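As a triage aid for mail gateways or file shares that still see these formats, the following added example (not part of the original advisory and not WinZip or iDefense code) flags MIME archive files whose header parameters or uuencode "begin" filename are unusually long. The advisory does not name the affected parameters, so the script measures every key=value parameter; the 256-byte threshold and all function names are assumptions.

```python
import re

# Extensions the advisory lists as MIME archive types handled by WinZip.
MIME_ARCHIVE_EXTS = (".mim", ".uue", ".uu", ".b64", ".bhx", ".hqx", ".xxe")
MAX_PARAM_LEN = 256  # assumed triage threshold, not a value from the advisory
# key=value or key="value" parameters; an unterminated quote is still measured.
PARAM_RE = re.compile(rb'([A-Za-z0-9_-]+)\s*=\s*("(?:[^"\\]|\\.)*"?|[^;\s]*)')
# uuencode/xxencode "begin <mode> <filename>" line.
BEGIN_RE = re.compile(rb'^begin(?:-base64)?\s+[0-7]{3,4}\s+(.*)$')


def unfold_headers(data):
    """Join folded continuation lines so a split value is measured whole."""
    lines = []
    for raw in data.splitlines():
        if raw[:1] in (b" ", b"\t") and lines:
            lines[-1] += b" " + raw.strip()
        else:
            lines.append(raw.rstrip())
    return lines


def scan_mime_archive(name, data, limit=MAX_PARAM_LEN):
    """Return (parameter, length) pairs whose value exceeds `limit` bytes."""
    if not name.lower().endswith(MIME_ARCHIVE_EXTS):
        return []
    findings = []
    for line in unfold_headers(data):
        m = BEGIN_RE.match(line)
        if m:
            if len(m.group(1)) > limit:
                findings.append(("begin-filename", len(m.group(1))))
            continue
        if b":" not in line.split(b"=", 1)[0]:
            continue  # only "Header: value; key=value" lines carry parameters
        for key, value in PARAM_RE.findall(line):
            value = value.strip(b'"')
            if len(value) > limit:
                findings.append((key.decode("ascii").lower(), len(value)))
    return findings


# Constructed samples (not taken from the advisory or from any real file).
BENIGN = b'Content-Type: application/octet-stream; name="report.doc"\r\n\r\nSGVsbG8=\r\n'
OVERLONG = b'Content-Type: text/plain;\r\n name="' + b"A" * 1000 + b'"\r\n\r\nSGVsbG8=\r\n'

if __name__ == "__main__":
    for label, blob in (("benign.b64", BENIGN), ("overlong.b64", OVERLONG)):
        print(label, scan_mime_archive(label, blob))
```

A hit is a reason to quarantine the file for inspection, not proof of an exploit attempt; legitimate files rarely carry parameter values of this size.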


VENDOR RESPONSE

WinZip has made available version 9.0, which doesn’t have the buffer overflow vulnerability.

CREDIT

Discovered by iDefense.