# Winzip Unspecified Multiple Buffer Overflow Vulnerabilities (Highly critical)



## jgvernonco (Sep 13, 2003)

Winzip Unspecified Multiple Buffer Overflow Vulnerabilities

SECUNIA ADVISORY ID:
SA12430

VERIFY ADVISORY:
http://secunia.com/advisories/12430/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
WinZip 9.x
http://secunia.com/product/567/
WinZip 8.x
http://secunia.com/product/566/
WinZip 7.x
http://secunia.com/product/568/
WinZip 6.x
http://secunia.com/product/569/
WinZip 3.x
http://secunia.com/product/570/

DESCRIPTION:
Multiple vulnerabilities have been reported in Winzip, which
potentially can be exploited to compromise a user's system.

1) Some unspecified vulnerabilities which can be exploited to cause
buffer overflows. Successful exploitation can potentially lead to
execution of arbitrary code.

2) A problem caused due to insufficient validation of command-line
arguments. This can be exploited by using a specially crafted
argument to cause a buffer overflow and potentially execute arbitrary
code.

SOLUTION:
Update to 9.0 SR-1:
http://www.winzip.com/upgrade.htm

PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.


----------

