A buffer overflow vulnerability in the WinZip program could allow a remote attacker to execute arbitrary code on a vulnerable system.
WinZip Computing, Inc.'s WinZip is a popular utility for creating and extracting a variety of archive file formats on Microsoft Windows-based systems. A buffer overflow error exists in the way that WinZip handles certain parameters of MIME archives.
This error results in a vulnerability when WinZip attempts to interpret invalid data in a MIME-encoded file.
An attacker could execute arbitrary code of their choice on a vulnerable system.
Upgrade to the latest version of the software
Thanks to iDefense Security Advisory for reporting this vulnerability.
This document was written by Chad R Dougherty based on information provided by iDefense and WinZip
|Date First Published:||2004-03-01|
|Date Last Updated:||2004-03-01 15:50 UTC|