WinZip Computing released a new build of WinZip 10 that fixes a critical security vulnerability in this popular ZIP program.
The vulnerability exists in an ActiveX component that is shipped with WinZip 10 only (so if you are running previous versions of WinZip you are not affected by this vulnerability). This ActiveX component is marked safe for scripting which means that a remote attacker can exploit it if you visit a web page hosting the exploit.
Build 7245 of WinZip 10 is available at http://www.winzip.com/wz7245.htm. If you, for some reason, can not upgrade, you should disable the affected ActiveX control (WZFILEVIEW.FileViewCtrl.61) ? its CLSID is A09AE68F-B14D-43ED-B713-BA413F034904.
I will be teaching next: Web App Penetration Testing and Ethical Hacking - SANS Munich July 2019
Nov 15th 2006
1 decade ago