PT-2007-1736 · Winzip · Winzip

Published

2007-01-16

Updated

2008-11-15

CVE-2007-0264

CVSS v2.0

6.6

Medium

Vector

AV:L/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions WinZip version 9.0

Description A buffer overflow issue in Winzip32.exe allows local users to cause a denial of service, potentially leading to an application crash, and may also enable the execution of arbitrary code via a long command line argument. This issue could potentially cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames.

Recommendations For WinZip version 9.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0264

Affected Products

Winzip

PT-2007-1736 · Winzip · Winzip

CVE-2007-0264

Related Identifiers

Affected Products

References · 4