Security - News

Version(s): 9.0 and prior versions Description: Some vulnerabilities were reported in WinZip. A remote or local user may be able to execute arbitrary code. The vendor reported that they discovered some vulnerabilities, including potential buffer overflows, during an internal review of the WinZip code. In addition, a WinZip user discovered a buffer overflow, where a local user can supply a specially crafted WinZip command line to trigger the overflow. No further details were provided. Impact: A remote or local user may be able to cause arbitrary code to be executed. Solution: A fix (9.0 SR-1) is available at: http://www.winzip.com/upgrade.htm Vendor URL: www.winzip.com/wz90sr1.htm (Links to External Site)

Autor: VK

Heuristické vyhledání souvisejících článků v archívu NEWS

• WinZip varuje p?ed kritickou chybou - nainstalujte SR1
• Malicious code injection - již nejen pro SQL
• Dv? bezpe?nostní díry v Linuxu - prohlédn?te si obrázek, a p?es buffer oveflow je tam ...
• Nový exploit ukazuje možnost spoušt?ní libovolného kódu vzdáleným uživatelem
• NIST vydal draft: NIST Interagency Report (NISTIR) 7275 Revision 4, Specification for the Extensible Configuration Checklist Description Format (XCCDF) Version 1.2