Tech Talk Discuss PC Hardware, Software, Internet and Other Technology

Major WinZip Security Vulnerability Announced

Old 02-27-04, 06:28 PM
  #1  
DVD Talk Hero
Thread Starter
 
jfoobar's Avatar
 
Join Date: Jun 2000
Posts: 37,565
Major WinZip Security Vulnerability Announced

Well, actually, iDefense published this over two weeks ago but there are finally enough details available now, included several new affected file extensions that were not previously mentioned:

http://www.securitytracker.com/alert...b/1009242.html

===================================================
WinZip MIME Archive Buffer Overflow Lets Remote Users Execute Arbitrary Code

SecurityTracker Alert ID: 1009242
CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Updated: Feb 27 2004

Original Entry Date: Feb 27 2004

Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network

Fix Available: Yes Vendor Confirmed: Yes

Advisory: iDEFENSE

Version(s): prior to 9.0 (9.0 beta versions are vulnerable)

Description: iDEFENSE reported a vulnerability in WinZip in the processing of MIME archives. A remote user can cause arbitrary code to be executed on a target user's system.

t is reported that there is a buffer overflow in the UUDeview component. A remote user can create a malicious MIME archive (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) that, when opened by a target user, will cause WinZip to crash or execute arbitrary code. The code will run with the privileges of the target user.

The original advisory is available at:

http://www.idefense.com/application/...y?id=76&type=v ulnerabilities

Impact: A remote user can cause arbitrary code to be executed on a target user's computer when the target user opens a malicious MIME archive. The code will run with the privileges of the target user.

Solution: The vendor has released a fixed version (9.0), available at:

http://www.winzip.com/

Vendor URL: www.winzip.com/ (Links to External Site)

Cause: Boundary error

Underlying OS: Windows (Any)

Reported By: [email protected]
===================================================

I suggest that you add these MIMI-related extensions to your mental (do not open unless I am expecting them from a friend) email list and upgrade to 9.0 as soon as possible.

I suspect this vulnerability may be the foundation of a mass-mailing worm (or a dozen) fairly soon.
jfoobar is offline  
Old 02-27-04, 07:34 PM
  #2  
DVD Talk Special Edition
 
Join Date: Jul 2002
Location: North Bay Area, CA
Posts: 1,076
Use WinRAR, a much better program in speed and compression.
Tazwolff is offline  
Old 02-27-04, 07:43 PM
  #3  
DVD Talk Legend
 
Join Date: Oct 1999
Location: Second Star on the right, and straight on til' morning...
Posts: 14,795
Originally posted by Tazwolff
Use WinRAR, a much better program in speed and compression.
Maybe so, but you can't prevent OTHERS from using winzip and sending you such items.
Seeker is offline  
Old 02-27-04, 08:34 PM
  #4  
duz
DVD Talk Special Edition
 
Join Date: Feb 2003
Posts: 1,179
Originally posted by Seeker
Maybe so, but you can't prevent OTHERS from using winzip and sending you such items.
But if you're using winrar then you are unaffected. Not that you should be opening those files with winrar anyways but thats another matter.
duz is offline  

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Thread Tools
Search this Thread

Archive Advertising Cookie Policy Privacy Statement Terms of Service

Copyright 2018 MH Sub I, LLC dba Internet Brands. All rights reserved. Use of this site indicates your consent to the Terms of Use.