Lucene search

[email protected]CVE-2003-1376

HistoryDec 31, 2003 - 5:00 a.m.

CVE-2003-1376

2003-12-3105:00:00

CWE-255

[email protected]

web.nvd.nist.gov

winzip

password protection

zip files

weak random number

encryption keys

brute force attack

security vulnerability

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

CPENameOperatorVersion
winzip:winzipwinzipeq8.0

CPE	Name	Operator	Version
winzip:winzip	winzip	eq	8.0

References

securityreason.com/securityalert/3265

www.securityfocus.com/archive/1/311059

www.securityfocus.com/bid/6805

exchange.xforce.ibmcloud.com/vulnerabilities/11296

7.3 High

AI Score

Confidence

Low

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

0.0004 Low

EPSS

Percentile

5.2%

JSON

Related for CVE-2003-1376

cvelist1