Reported February 28, 2004 by iDefense.
VERSIONS AFFECTED
WinZip 9.0 latest beta
WinZip 8.1 Service Release-1 (SR-1), possibly earlier versions
DESCRIPTION
A buffer overflow vulnerability in WinZip can result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of a flaw in the parameter parsing routine. WinZip will crash when long strings are provided to certain parameters of MIME archives (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions).
VENDOR RESPONSE
WinZip has made available version 9.0, which doesn’t have the buffer overflow vulnerability.
CREDIT
Discovered by iDefense.
Buffer Overflow in WinZip