PT-2024-6334 · Winzip · Winzip

Gothburz +1 · Published 2024-09-17 · Updated 2025-05-06 · CVE-2024-8811

CVSS v3.1: 7.8
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions:

WinZip versions prior to 29.0

Description:

This is a Mark-of-the-Web bypass vulnerability in WinZip that allows remote attackers to bypass the Mark-of-the-Web protection mechanism. It can be exploited when a user opens a malicious file or visits a malicious page, potentially leading to arbitrary code execution in the context of the current user. The flaw lies in the handling of archive files: WinZip removes the Mark-of-the-Web from the archive file, and the files extracted from it lack the Mark-of-the-Web.

Recommendations:

For versions prior to 29.0, update to version 29.0 or later to resolve the issue. As a temporary workaround, consider avoiding the use of WinZip for handling archive files until a patch is applied. Restrict access to potentially malicious files and websites to minimize the risk of exploitation.
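To check on a test host whether an archiver preserves the Mark-of-the-Web as described above, the following PowerShell compares the zone recorded on an archive before it is opened with the zone on the archive and on each extracted file afterwards. This is an added example, not code from the advisory or from WinZip; the function names `Get-MotwZone` and `Test-MotwPropagation`, their parameters and the sample paths are hypothetical.

```powershell
# Added example. Function, parameter and file names are hypothetical.
# Zone IDs: 0 Local machine, 1 Intranet, 2 Trusted sites, 3 Internet, 4 Restricted sites.

function Get-MotwZone {
    param([Parameter(Mandatory)][string]$Path)
    # The Mark-of-the-Web is stored in the NTFS alternate data stream Zone.Identifier.
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $ads) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream, or no ZoneId line: the file is unmarked
}

function Test-MotwPropagation {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$ExtractedDir,
        # Zone read from the archive BEFORE the archiver under test touched it.
        [Parameter(Mandatory)][AllowNull()][Nullable[int]]$ZoneBefore
    )
    if ($null -eq $ZoneBefore -or $ZoneBefore -lt 3) {
        Write-Warning 'Archive had no Internet-zone mark before the test; result is inconclusive.'
    }
    # The archive itself is checked too, because the mark can be stripped from it as well.
    $targets = @([pscustomobject]@{ Role = 'archive'; Path = (Get-Item -LiteralPath $ArchivePath).FullName })
    $targets += @(Get-ChildItem -LiteralPath $ExtractedDir -File -Recurse |
        ForEach-Object { [pscustomobject]@{ Role = 'extracted'; Path = $_.FullName } })

    foreach ($t in $targets) {
        $zone = Get-MotwZone -Path $t.Path
        [pscustomobject]@{
            Role       = $t.Role
            Path       = $t.Path
            ZoneBefore = $ZoneBefore
            ZoneNow    = $zone
            # Lost: the source was Internet/Restricted and the file is now unmarked or more trusted.
            MotwLost   = ($ZoneBefore -ge 3) -and (($null -eq $zone) -or ($zone -lt 3))
        }
    }
}

# Usage on a test host (sample.zip is a constructed test archive downloaded via a browser):
#   $before = Get-MotwZone -Path .\sample.zip      # capture before opening the archive
#   ... open and extract sample.zip to .\out with the archiver under test ...
#   Test-MotwPropagation -ArchivePath .\sample.zip -ExtractedDir .\out -ZoneBefore $before |
#       Where-Object MotwLost
```

Any row returned by the final filter is a file that lost its mark; an empty result means the mark was preserved on the archive and on every extracted file.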

Fix

RCE

Protection Mechanism Failure

Weakness Enumeration

Related Identifiers

BDU:2024-07371
CVE-2024-8811
ZDI-24-1234
ZDI-25-047

Affected Products

Winzip