Winzip Vulnerabilities

[TCH-Thomas]

Multiple vulnerabilities has been reported in Winzip, which potentially can be exploited to compromise a user's system.

 

1) Some unspecified vulnerabilities which can be exploited to cause buffer overflows. Successful exploitation can potentially lead to execution of arbitrary code.

 

2) A problem caused due to insufficient validation of command-line arguments. This can be exploited by using a specially crafted argument to cause a buffer overflow and potentially execute arbitrary code.

 

Read more

[borfast]

Oh goodie, this is getting better, now Windows users can't trust Winzip, either.

To be honest, I don't really know why, but I never liked Winzip much. I just had some sort of bad feeling about it. Perhaps this was it

[Deverill]

Same here about liking winzip. WinRar at www.rarlab.com is a great alternative. It's only US$21 and compresses better, has a Zip-compatible switch and is a much nicer program in general. There is an unregistered mode but you don't get all the features... it's still usable though but $21 is pretty cheap for such a great tool.

 

I don't understand it - all the buffer overflow problems programs have. It's easy to write the program to handle them but sloppy programmers = buggy programs.

[TCH-Thomas]

I´ve never really understood how to use winrar.

[Deverill]

I usually right-click a file (already compressed or to-be compressed) and select the WinRar context menu option. The regular program window is not too hard to follow. If you have any specific questions PM me and I'll see if I can help. (Don't want to totally hijack this thread).

 

Uhm, oh yeah, with the zip password crackers I don't put my other passwords in a zip file. (Had to say something on the original topic! )