Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WinZip Mark-of-the-Web Bypass Vulnerability
Vulnerability Description
WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.
CVSS Information
N/A
Vulnerability Type
保护机制失效
Vulnerability Title
WinZip 产品安全漏洞
Vulnerability Description
WinZip是WinZip公司的一款功能强大的压缩和加密工具。 WinZip存在安全漏洞,该漏洞源于处理归档文件时移除了Mark-of-the-Web标记,导致提取后的文件同样没有此标记,可能允许远程攻击者在当前用户上下文中执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A