Lucene search
HistoryOct 03, 2022 - 4:13 p.m.
CVE-2008-3442
cve-2008-3442
winzip
update authentication
vulnerability
evilgrade
dns cache poisoning
nvd
7.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.6%
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Affected configurations
Node
winzipwinzipMatch7.0
ORwinzipwinzipMatch8.0
ORwinzipwinzipMatch8.1
ORwinzipwinzipMatch8.1sr1
ORwinzipwinzipMatch9.0
ORwinzipwinzipMatch9.0sr1
ORwinzipwinzipMatch10.0
| CPE | Name | Operator | Version |
|---|---|---|---|
| winzip:winzip | winzip | eq | 7.0 |
| winzip:winzip | winzip | eq | 8.0 |
| winzip:winzip | winzip | eq | 8.1 |
| winzip:winzip | winzip | eq | 9.0 |
| winzip:winzip | winzip | eq | 10.0 |
Related
nvd
nvd
CVE-2008-3442
2008-08-01 14:41:00
cvelist
cvelist
CVE-2008-3442
2022-10-03 16:13:41
prion
prion
Design/Logic Flaw
2008-08-01 14:41:00
7.5 High
AI Score
Confidence
High
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.004 Low
EPSS
Percentile
72.6%
Related for CVE-2008-3442