Winzip

Winzip

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.1

CVE-2025-33028

  • EPSS 0.03%
  • Veröffentlicht 15.04.2025 00:00:00
  • Zuletzt bearbeitet 04.08.2025 19:15:30

In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User i...

8.8

CVE-2025-1240

  • EPSS 0.47%
  • Veröffentlicht 11.02.2025 22:15:29
  • Zuletzt bearbeitet 18.08.2025 18:14:05

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in th...

7.8

CVE-2024-8811

  • EPSS 0.05%
  • Veröffentlicht 22.11.2024 21:15:19
  • Zuletzt bearbeitet 03.01.2025 22:49:49

WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the tar...

7.5

CVE-2008-3442

  • EPSS 0.65%
  • Veröffentlicht 01.08.2008 14:41:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

6.6

CVE-2007-0264

  • EPSS 0.14%
  • Veröffentlicht 16.01.2007 23:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application...

9.3

CVE-2006-6884

  • EPSS 9.45%
  • Veröffentlicht 31.12.2006 05:00:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a ...

9.3

CVE-2006-3890

Exploit
  • EPSS 49.56%
  • Veröffentlicht 21.11.2006 22:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW obj...

4

CVE-2006-5198

  • EPSS 73.44%
  • Veröffentlicht 14.11.2006 21:07:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

3.7

CVE-2004-1465

  • EPSS 2.54%
  • Veröffentlicht 31.12.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.

10

CVE-2004-0333

Exploit
  • EPSS 63.01%
  • Veröffentlicht 23.11.2004 05:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.