
SANS ISC: Critical security vulnerability in WinZip 10 - SANS Internet Storm Center SANS ISC InfoSec Forums

Critical security vulnerability in WinZip 10
WinZip Computing released a new build of WinZip 10 that fixes a critical security vulnerability in this popular ZIP program.

The vulnerability exists in an ActiveX component that ships only with WinZip 10 (so if you are running a previous version of WinZip, you are not affected by this vulnerability). This ActiveX component is marked safe for scripting, which means that a remote attacker can exploit it if you visit a web page hosting the exploit.

Build 7245 of WinZip 10 is available at If you, for some reason, cannot upgrade, you should disable the affected ActiveX control (WZFILEVIEW.FileViewCtrl.61); its CLSID is A09AE68F-B14D-43ED-B713-BA413F034904.
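
One way to disable the control is to set the Internet Explorer kill bit for its CLSID. The script below is an added example, not part of the original diary and not from WinZip; it assumes the kill bit (Compatibility Flags 0x400 under the ActiveX Compatibility key) is the chosen way to disable the control, and the function name `Set-KillBit` is hypothetical.

```powershell
# Added example: set the IE kill bit for the WinZip 10 FileView ActiveX control.
# Run from an elevated 64-bit PowerShell prompt (or any elevated prompt on 32-bit Windows).
$Clsid   = '{A09AE68F-B14D-43ED-B713-BA413F034904}'  # CLSID given in the diary
$KillBit = 0x00000400                                 # flag that stops IE from instantiating the control

# Native registry view plus the 32-bit view used by 32-bit IE on 64-bit Windows.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

# Hypothetical helper: OR the kill bit into any flags already present.
function Set-KillBit {
    param([string]$Root, [string]$Clsid, [int]$Flag)
    if (-not (Test-Path $Root)) { return }            # view absent, e.g. on a 32-bit OS
    $key = Join-Path $Root $Clsid
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    $current = (Get-ItemProperty -Path $key -Name 'Compatibility Flags' `
                -ErrorAction SilentlyContinue).'Compatibility Flags'
    if ($null -eq $current) { $current = 0 }
    $new = $current -bor $Flag                        # preserve existing flags
    Set-ItemProperty -Path $key -Name 'Compatibility Flags' -Value $new -Type DWord
    [pscustomobject]@{
        Key    = $key
        Before = '0x{0:X8}' -f $current
        After  = '0x{0:X8}' -f $new
    }
}

# Report whether the control is registered on this host at all.
$registered = Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid"
Write-Host "WZFILEVIEW.FileViewCtrl.61 registered on this host: $registered"

$Roots | ForEach-Object { Set-KillBit -Root $_ -Clsid $Clsid -Flag $KillBit } |
    Format-Table -AutoSize

# Verify: warn if any existing key still lacks the kill bit.
foreach ($root in $Roots) {
    $key = Join-Path $root $Clsid
    if (Test-Path $key) {
        $flags = (Get-ItemProperty -Path $key).'Compatibility Flags'
        if (($flags -band $KillBit) -eq 0) { Write-Warning "Kill bit NOT set under $key" }
    }
}
```

The kill bit only stops Internet Explorer from loading the control; upgrading to the fixed build remains the actual fix.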



ISC Handler
Nov 15th 2006
