WinZip new vulnerability

einander · Post by **einander** » Mon Mar 01, 2004 11:30 am

A vulnerability in Winzip allows arbitrary code execution just by opening a ZIP file.

http://www.winzip.com/fmwz90.htm

This issue affects all earlier versions of WinZip since WinZip 6.2, including WinZip 8.1 and WinZip 9.0 beta.

The first version of WinZip in which the problem is corrected is WinZip 9.0, released in February, 2004.

Post by **Dare2** » Mon Mar 01, 2004 11:48 am

Thanks for the heads-up.

Dreglor · Post by **Dreglor** » Tue Mar 02, 2004 10:55 am

i kind it find it funny that practicly every program has this "buffer-overflow" problem

don't get a new version of winzip get, toss windows and get linux!

Post by **Dare2** » Tue Mar 02, 2004 11:48 am

Yep, I have never had that problem with linux.
. . .
mainly because I have never managed to get it to run.

freedimension · Post by **freedimension** » Tue Mar 02, 2004 12:36 pm

Dreglor wrote:i kind it find it funny that practicly every program has this "buffer-overflow" problem
don't get a new version of winzip get, toss windows and get linux!

And Linux doesn't have this kind of Problems? Oh, come on. After all it is programmed in C/C++ too.
The good thing about Linux is: it isn't that widespread than Windows and therefore, if a hacker wants to get famous, he attacks Windows.

Karbon · Post by **Karbon** » Tue Mar 02, 2004 1:46 pm

You only need to go read some Linux security websites to see that these kinds of exploits are all over for Linux too.

Dreglor · Post by **Dreglor** » Tue Mar 02, 2004 8:43 pm

i didn't say they did it just you don't see big problems come from them becasue most hackers are trying to get into windows system becasue there widely used and there so easy after you get something in there :\

at least linux has some protection after some one gets in

freedimension · Post by **freedimension** » Tue Mar 02, 2004 10:42 pm

Dreglor wrote:at least linux has some protection after some one gets in

Windows has this too, at least the NT variants. The problem here is, most people go online as administrator.
The bad thing with M$ Software is the default setting.
Two Examples:
- Standard user after installation has admin rights
- Outlook Express opens Mails without user interaction, just to show it in the Preview Window

blueznl · Post by **blueznl** » Thu Mar 04, 2004 1:05 am

never used winzip, am i safe now?

(nah, using total commander for *anything* except brushing my teeth, which i don't do much anyway)

:roll:

El_Choni · Post by **El_Choni** » Thu Mar 04, 2004 3:48 am

LOL! Who needs teeth? You can have food injected nowadays! LOL

gnozal · Post by **gnozal** » Thu Mar 04, 2004 11:13 am

I never understood why this obsolete ZIP format is still used, and why people are paying for such a thing as WinZip 8O
There are many freeware archivers wich can handle ZIP files and many other much more powerfull formats, shareware (WinRAR...) or freeware (7-Zip...)

Post by **Dare2** » Thu Mar 04, 2004 12:15 pm

7Zip is good!

freedimension · Post by **freedimension** » Thu Mar 04, 2004 12:31 pm

Or WinAce. I had a photoshop file that compressed with WinAce took 700k, with Zip 1.4Meg 8O

blueznl · Post by **blueznl** » Fri Mar 05, 2004 12:51 am

ace rar arj zip xxx all with total commander

and it's even a file manager!

gnozal · Post by **gnozal** » Fri Mar 05, 2004 9:19 am

blueznl wrote:ace rar arj zip xxx all with total commander

Yes, and with the MultiArc plugin you can handle _any_ type of archive, including Installshield cabs