Buffer Overflow in WinZip

Reported February 28, 2004 by iDefense.

 

 

VERSIONS AFFECTED

 

  • WinZip 9.0 latest beta

  • WinZip 8.1 Service Release-1 (SR-1), possibly earlier versions

 

DESCRIPTION

 

A buffer overflow vulnerability in WinZip can result in the execution of arbitrary code on the vulnerable system. The vulnerability is the result of a flaw in the parameter parsing routine. WinZip will crash when long strings are supplied to certain parameters of MIME archives (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions).
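
As a triage aid for the condition described above, the following Python check (an added example, not code from iDefense or WinZip) flags files with the listed extensions whose header parameters carry unusually long values. The advisory does not name the affected parameters or a length, so the RFC 2045 style `name=value` parsing, the 256-character threshold and the function names are assumptions.

```python
import re
from pathlib import PurePath

# Extensions the advisory lists for MIME archives handled by WinZip.
MIME_EXTS = {".mim", ".uue", ".uu", ".b64", ".bhx", ".hqx", ".xxe"}
# Assumption: the advisory gives no length; 256 is a conservative triage threshold.
MAX_PARAM_LEN = 256

# Assumption: RFC 2045 style parameter syntax, ; name="value" or ; name=value
PARAM_RE = re.compile(r';\s*([A-Za-z0-9_*-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^;\s]*)')

def header_lines(text):
    """Yield unfolded header lines up to the first blank line."""
    current = None
    for raw in text.splitlines():
        if raw == "":
            break
        if raw[:1] in (" ", "\t") and current is not None:
            current += " " + raw.strip()   # folded continuation line
        else:
            if current is not None:
                yield current
            current = raw
    if current is not None:
        yield current

def oversized_params(filename, data, limit=MAX_PARAM_LEN):
    """Return [(header, param, length)] for parameters longer than limit."""
    if PurePath(filename).suffix.lower() not in MIME_EXTS:
        return []
    text = data.decode("latin-1")          # byte-preserving decode
    findings = []
    for line in header_lines(text):
        header = line.split(":", 1)[0]
        for name, value in PARAM_RE.findall(line):
            value = value.strip('"')
            if len(value) > limit:
                findings.append((header, name, len(value)))
    return findings

# Constructed sample input, not taken from the advisory.
SAMPLE_OK = b'Content-Type: application/octet-stream; name="report.doc"\r\n\r\nAAAA\r\n'
SAMPLE_BAD = (b'Content-Type: application/octet-stream;\r\n name="'
              + b"A" * 600 + b'"\r\n\r\nAAAA\r\n')

if __name__ == "__main__":
    print(oversized_params("a.mim", SAMPLE_OK))
    print(oversized_params("b.mim", SAMPLE_BAD))
```

A check like this suits a mail gateway or file share sweep on hosts that cannot yet move to the fixed release; upgrading remains the actual remedy.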

 

 

VENDOR RESPONSE

 

WinZip has made available version 9.0, which doesn’t have the buffer overflow vulnerability.

 

CREDIT

Discovered by iDefense.
