Friday, July 30, 2010
Register  Login
  Our sponsors   
  Users currently online   
Membership Membership:
Latest New User Latest: SullyC
New Today New Today: 0
New Yesterday New Yesterday: 0
User Count Overall: 53
People Online People Online:
Visitors Visitors: 5
Members Members: 0
Total Total: 5
Online Now Online Now:
Click here to visit OS-Cubed, Inc.
Viruswarn banner
you are here: Forums  Search

Welcome to the Viruswarning forums.  All your original content has been ported to the new forums as  well as new content and additional opportunities to interact with the authors of Viruswarn.com.  You can always access old content at www.leedrake.com/forum .  You may find some formatting was lost in the conversion and the older versions of the posts to be more readable....

But at least it's all here.

Enjoy!
  Viruswarn Forums
Forums > Viruswarning Forum > Viruswarning archive
Subject: Remote Code Execution Vulnerability in WinZip 10.0

You are not authorized to post a reply.   
Author Messages
David Gray
Posts:17
12/16/2006 5:29 PM  

What Is It?

There is a remote code execution vulnerability in all builds of WinZip, version 10.0. This means that a remote user could run arbitrary code that can do anything that you can do. As with all such remote code execution vulnerabilities, this means that an attacker could, theoretically, take over your machine.

What Should You Do?

Although there are no known exploits of this vulnerability, WinZip has published Build 7245, which corrects the problem.

If you instructed WinZip to automatically notify you of this update, and you chose to skip it, you should reconsider that decision. Since the update was just released on 14 November, you may not have been notified, unless you've used WinZip within the last two weeks, and have the program configured to automatically check for updates often.

  • The build number is displayed, in parentheses, just to the right of the version number, in the About Box. To check the version number, do the following.
    • Open WinZip.
    • Choose About WinZip from the Help menu.
  • On the very same About Box, there is a "Check for Update" button, which you can use at any time to check for, and obtain, updates.

You can download the update from http://www.winzip.com/dnldwz.cgi?ENRRWZC, where you will also learn about the optional upgrade to version 11.0, which was released on 15 November 2006, the day after the security update was released.

References

http://www.winzip.com/wz7245.htm describes WinZip 10.0 Build 7245 and the security issue.

http://www.winzip.com/dnldwz.cgi?ENRRWZC is the WinZip 10.0 Build 7245 download page.

David Gray, MBA, Chief Wizard
WizardWrx, formerly P6 Consulting
WizardWrx Logo V: +1 (817) 812-3041
TZ: USA Central, GMT -6
E: dagray@wizardwrx.com
W: www.wizardwrx.com
 5006 Cloyce Court
North Richland Hills, TX 76180-6944
USA		 20 Years of Experience & Independence - 1985-2005
Tell me what you need, and I’ll conjure it.
You are not authorized to post a reply.
Forums > Viruswarning Forum > Viruswarning archive > Remote Code Execution Vulnerability in WinZip 10.0


ActiveForums 3.6
  Register or Login


Forgot Password ?
Copyright 2006 by OS-Cubed, Inc.   Terms Of Use  Privacy Statement