WinZip <= 9.0 Multiple Unspecified Overflows

Severity: Low. Nessus Plugin ID: 17362

Synopsis

The remote host has an application that is affected by multiple buffer overflow vulnerabilities.

Description

The remote host is using a version of WinZip that is prior to 9.0-SR1. It is, therefore, affected by several buffer overflow flaws that can allow an attacker to execute arbitrary code on the host by convincing a user to open a malformed archive file.

Solution

Upgrade to WinZip 9.0-SR1 or later.

See Also

https://www.winzip.com/wz90sr1.htm

Plugin Details

Severity: Low

ID: 17362

File Name: winzip_overflows.nasl

Version: 1.18

Type: local

Agent: windows

Family: Windows

Published: 3/18/2005

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Low

Base Score: 3.7

Temporal Score: 2.9

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:winzip:winzip

Required KB Items: SMB/Registry/Enumerated, installed_sw/WinZip

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/1/2004

Reference Information

CVE: CVE-2004-1465

BID: 11092