WinZip new vulnerability
Posted: Mon Mar 01, 2004 11:30 am
by einander
A vulnerability in WinZip allows arbitrary code execution just by opening a ZIP file.
http://www.winzip.com/fmwz90.htm
This issue affects all earlier versions of WinZip since WinZip 6.2, including WinZip 8.1 and WinZip 9.0 beta.
The first version of WinZip in which the problem is corrected is WinZip 9.0, released in February, 2004.
Posted: Mon Mar 01, 2004 11:48 am
by Dare2
Thanks for the heads-up.
Posted: Tue Mar 02, 2004 10:55 am
by Dreglor
I kind of find it funny that practically every program has this "buffer-overflow" problem

Don't get a new version of WinZip, toss Windows and get Linux!
Posted: Tue Mar 02, 2004 11:48 am
by Dare2
Yep, I have never had that problem with Linux.
. . .
mainly because I have never managed to get it to run.

Posted: Tue Mar 02, 2004 12:36 pm
by freedimension
Dreglor wrote: I kind of find it funny that practically every program has this "buffer-overflow" problem

Don't get a new version of WinZip, toss Windows and get Linux!
And Linux doesn't have these kinds of problems? Oh, come on. After all it is programmed in C/C++ too.
The good thing about Linux is: it isn't as widespread as Windows and therefore, if a hacker wants to get famous, he attacks Windows.
Posted: Tue Mar 02, 2004 1:46 pm
by Karbon
You only need to go read some Linux security websites to see that these kinds of exploits are all over for Linux too.
Posted: Tue Mar 02, 2004 8:43 pm
by Dreglor
I didn't say they did, it's just you don't see big problems come from them because most hackers are trying to get into Windows systems because they're widely used and they're so easy after you get something in there :\
At least Linux has some protection after someone gets in
Posted: Tue Mar 02, 2004 10:42 pm
by freedimension
Dreglor wrote: At least Linux has some protection after someone gets in
Windows has this too, at least the NT variants. The problem here is, most people go online as administrator.
The bad thing with M$ Software is the default setting.
Two Examples:
- Standard user after installation has admin rights
- Outlook Express opens Mails without user interaction, just to show it in the Preview Window
Posted: Thu Mar 04, 2004 1:05 am
by blueznl
Never used WinZip, am I safe now?
(nah, using Total Commander for *anything* except brushing my teeth, which I don't do much anyway)
:roll:

Posted: Thu Mar 04, 2004 3:48 am
by El_Choni
LOL! Who needs teeth? You can have food injected nowadays! LOL
Posted: Thu Mar 04, 2004 11:13 am
by gnozal
I never understood why this obsolete ZIP format is still used, and why people are paying for such a thing as WinZip 8O
There are many freeware archivers which can handle ZIP files and many other much more powerful formats, shareware (WinRAR...) or freeware (7-Zip...)
Posted: Thu Mar 04, 2004 12:15 pm
by Dare2
7Zip is good!
Posted: Thu Mar 04, 2004 12:31 pm
by freedimension
Or WinAce. I had a Photoshop file that compressed with WinAce took 700k, with Zip 1.4Meg 8O
Posted: Fri Mar 05, 2004 12:51 am
by blueznl
ace rar arj zip xxx all with total commander
and it's even a file manager!

Posted: Fri Mar 05, 2004 9:19 am
by gnozal
blueznl wrote: ace rar arj zip xxx all with total commander
Yes, and with the MultiArc plugin you can handle _any_ type of archive, including InstallShield cabs
