Threat Level: green Handler on Duty: Russ McRee

SANS ISC: InfoSec Handlers Diary Blog - Critical security vulnerability in WinZip 10 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Critical security vulnerability in WinZip 10

Published: 2006-11-15
Last Updated: 2006-11-15 19:48:38 UTC
by Bojan Zdrnja (Version: 3)
0 comment(s)
WinZip Computing released a new build of WinZip 10 that fixes a critical security vulnerability in this popular ZIP program.

The vulnerability exists in an ActiveX component that is shipped with WinZip 10 only (so if you are running previous versions of WinZip you are not affected by this vulnerability). This ActiveX component is marked safe for scripting which means that a remote attacker can exploit it if you visit a web page hosting the exploit.

Build 7245 of WinZip 10 is available at http://www.winzip.com/wz7245.htm. If you, for some reason, can not upgrade, you should disable the affected ActiveX control (WZFILEVIEW.FileViewCtrl.61) ? its CLSID is A09AE68F-B14D-43ED-B713-BA413F034904.

UPDATE:

MS06-067 (http://isc.sans.org/diary.php?storyid=1854) actually disables this vulnerability. Beside the other things that this update does, it also sets the kill bits for vulnerable ActiveX components.

Thanks to Carl for spotting this.

UPDATE 2:

Couple of exploits for this vulnerability have been already released, so be sure to either patch WinZip or install MS06-067.

Thanks to Juha-Matti for sending information about this.

Keywords:
0 comment(s)
Diary Archives