Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Critical security vulnerability in WinZip 10 SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical security vulnerability in WinZip 10
WinZip Computing released a new build of WinZip 10 that fixes a critical security vulnerability in this popular ZIP program.

The vulnerability exists in an ActiveX component that is shipped with WinZip 10 only (so if you are running previous versions of WinZip you are not affected by this vulnerability). This ActiveX component is marked safe for scripting which means that a remote attacker can exploit it if you visit a web page hosting the exploit.

Build 7245 of WinZip 10 is available at http://www.winzip.com/wz7245.htm. If you, for some reason, can not upgrade, you should disable the affected ActiveX control (WZFILEVIEW.FileViewCtrl.61) ? its CLSID is A09AE68F-B14D-43ED-B713-BA413F034904.

I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Cyber Security East: May 2021

Bojan

396 Posts
ISC Handler
Nov 15th 2006

Sign Up for Free or Log In to start participating in the conversation!