PT-2025-6402 · Winzip · Winzip

Published: 2024-09-04 · Updated: 2025-08-18 · CVE-2025-1240

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: WinZip versions prior to 29.0

Description: The issue lies in WinZip's parsing of 7Z files. Because user-supplied data from the archive is not properly validated, parsing can write past the end of an allocated buffer. Remote attackers can use this to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit the vulnerability, such as visiting a malicious page or opening a malicious file. Code executes in the context of the current process, which can potentially lead to full system compromise.

Recommendations: For versions prior to 29.0, update to WinZip 29.0 to mitigate the risk. As a temporary workaround, consider avoiding 7Z file parsing until a patch is available, and restrict access to 7Z files from untrusted sources to minimize the risk of exploitation.

Fix

RCE

Memory Corruption

Weakness Enumeration

Related Identifiers

BDU:2025-01482
CVE-2025-1240
ZDI-25-047

Affected Products

Winzip