Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

winzip vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2

CVE-2008-3442

WinZip prior to 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle malicious users to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Winzip Winzip 7.0Winzip Winzip 8.0Winzip Winzip 8.1Winzip Winzip 9.0Winzip Winzip 10.0
3.7
CVSSv2

CVE-2004-1465

Multiple buffer overflows in WinZip 9.0 and previous versions may allow malicious users to execute arbitrary code via multiple vectors, including the command line.
Winzip Winzip 7.0Winzip Winzip 8.0Winzip Winzip 8.1Winzip Winzip 9.0
9.3
CVSSv2

CVE-2006-3890

Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote malicious users to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnera...
Sky Software Fileview Activex ControlWinzip WinzipWinzip Winzip 7.0Winzip Winzip 8.0Winzip Winzip 8.1Winzip Winzip 9.0
10
CVSSv2

CVE-2004-0333

Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote malicious users to execute arbitrary code via a MIME archive with certain long MIME parameters.
Openpkg OpenpkgUudeview Uudeview 0.5.18Uudeview Uudeview 0.5.19Winzip Winzip 7.0Winzip Winzip 8.0Winzip Winzip 8.1Gentoo Linux 1.4
4.6
CVSSv2

CVE-2001-0449

Buffer overflow in WinZip 8.0 allows malicious users to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
Winzip Winzip 8.0
4
CVSSv2

CVE-2006-5198

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote malicious users to execute arbitrary code via unspecified "unsafe methods."
Winzip Winzip 10.0
4.6
CVSSv2

CVE-2003-1376

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.
Winzip Winzip 8.0
6.6
CVSSv2

CVE-2007-0264

Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32...
Winzip Winzip 9.0
9.3
CVSSv2

CVE-2006-6884

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote malicious users to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vuln...
Winzip Winzip 10.0 Build 6667
6.1
CVSSv3

CVE-2025-33028

In WinZip up to and including 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows malicious users to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction i...
Winzip Winzip
Preferred Score:
CVSSv3
CVSSv2
CVSSv3
CVSSv4
EPSS
VMScore
Recommendations:
CVE-2025-42599CVE-2025-3808phpgurukulinsecure direct object referenceCVE-2025-3840CVE-2025-43967men salon management systemdenial of servicevirtuemart component for joomlapritunlLFICVE-2025-32433CVE-2022-47112
Home
/
Search Results
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook