Jump to content

Winzip Vulnerabilities


Recommended Posts

Multiple vulnerabilities has been reported in Winzip, which potentially can be exploited to compromise a user's system.

 

1) Some unspecified vulnerabilities which can be exploited to cause buffer overflows. Successful exploitation can potentially lead to execution of arbitrary code.

 

2) A problem caused due to insufficient validation of command-line arguments. This can be exploited by using a specially crafted argument to cause a buffer overflow and potentially execute arbitrary code.

 

Read more

Link to post
Share on other sites

Oh goodie, this is getting better, now Windows users can't trust Winzip, either.

To be honest, I don't really know why, but I never liked Winzip much. I just had some sort of bad feeling about it. Perhaps this was it :D

Link to post
Share on other sites

Same here about liking winzip. WinRar at www.rarlab.com is a great alternative. It's only US$21 and compresses better, has a Zip-compatible switch and is a much nicer program in general. There is an unregistered mode but you don't get all the features... it's still usable though but $21 is pretty cheap for such a great tool.

 

I don't understand it - all the buffer overflow problems programs have. It's easy to write the program to handle them but sloppy programmers = buggy programs.

Link to post
Share on other sites

I usually right-click a file (already compressed or to-be compressed) and select the WinRar context menu option. The regular program window is not too hard to follow. If you have any specific questions PM me and I'll see if I can help. (Don't want to totally hijack this thread).

 

Uhm, oh yeah, with the zip password crackers I don't put my other passwords in a zip file. (Had to say something on the original topic! :unsure:)

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...