Winzip

Winzip

15 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-33028

  • EPSS 0.03%
  • Published 15.04.2025 00:00:00
  • Last modified 04.08.2025 19:15:30

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User i...

8.8

CVE-2025-1240

  • EPSS 0.47%
  • Published 11.02.2025 22:15:29
  • Last modified 18.08.2025 18:14:05

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in th...

7.8

CVE-2024-8811

  • EPSS 0.05%
  • Published 22.11.2024 21:15:19
  • Last modified 03.01.2025 22:49:49

WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the tar...

7.5

CVE-2008-3442

  • EPSS 0.65%
  • Published 01.08.2008 14:41:00
  • Last modified 09.04.2025 00:30:58

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

6.6

CVE-2007-0264

  • EPSS 0.14%
  • Published 16.01.2007 23:28:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application...

9.3

CVE-2006-6884

  • EPSS 9.45%
  • Published 31.12.2006 05:00:00
  • Last modified 09.04.2025 00:30:58

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a ...

9.3

CVE-2006-3890

Exploit
  • EPSS 49.56%
  • Published 21.11.2006 22:07:00
  • Last modified 09.04.2025 00:30:58

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW obj...

4

CVE-2006-5198

  • EPSS 73.44%
  • Published 14.11.2006 21:07:00
  • Last modified 09.04.2025 00:30:58

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

3.7

CVE-2004-1465

  • EPSS 2.54%
  • Published 31.12.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.

10

CVE-2004-0333

Exploit
  • EPSS 63.01%
  • Published 23.11.2004 05:00:00
  • Last modified 03.04.2025 01:03:51

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.