posted on Friday, September 03, 2004 2:44 PM by demiliani

WinZip Flaws

I think that most of us use WinZip as our favourite compression tool. If so, now is the time for a "forced" software upgrade.

There's a new security alert from Secunia (my favourite source for security flaws) that says that WinZip (all versions from 3.X to 9) has multiple unspecified buffer overflow vulnerabilities.

In detail, the problems are:

1) Some unspecified vulnerabilities which can be exploited to cause buffer overflows. Successful exploitation can potentially lead to execution of arbitrary code.

2) A problem caused by insufficient validation of command-line arguments. This can be exploited by using a specially crafted argument to cause a buffer overflow and potentially execute arbitrary code.

The solution? An upgrade to version 9.0 SR-1.
