- Description
- WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- Hype score
- Not currently trending
WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2024-8811) #CVE20248811 #CyberSecurity #RemoteCodeExecutionVulnerability #WinZip https://t.co/C8APPAVKMv
@SystemTek_UK
21 Jan 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Zero Day Initiative ha descubierto una vulnerabilidad crítica en #WinZip (CVE-2024-8811) que permite a los atacantes eludir las protecciones y ejecutar código arbitrario. Es crucial que los usuarios actualicen a la versión 76.8 para proteger sus sistemas https://t.co/x50n1SMtNb
@henryraul
25 Nov 2024
31 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨アバストのアンチルートキットドライバ、セキュリティプロセス無効化のために悪用される ⚠️WinZipの脆弱性により、有害コードの実行が可能になる恐れ:CVE-2024-8811 〜サイバーセキュリティ週末の話題〜 https://t.co/WeMZZLu2a3 #セキュリティ #インテリジェンス #OSINT
@MachinaRecord
25 Nov 2024
160 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/v6z6sL4ROI
@freedomhack101
24 Nov 2024
30 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-8811 2 - CVE-2024-42477 3 - CVE-2024-8856 4 - CVE-2020-27786 5 - CVE-2024-46938 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
24 Nov 2024
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
日本でも多くのユーザーに利用されているWinZipで重大な脆弱性(CVE-2024-8811)が発生しており、アップデートして対策する事をお勧めします。 https://t.co/ch4iVXbxZ0
@01Programing
24 Nov 2024
18 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
WinZip Flaw Allows Malicious Code Execution (CVE-2024-8811) https://t.co/eW4bNndIO5
@TMJIntel
23 Nov 2024
22 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/Rkgh26DyMZ
@VulnVanguard
23 Nov 2024
15 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/Bbxpp1pO6C
@Dinosn
23 Nov 2024
9767 Impressions
74 Retweets
210 Likes
69 Bookmarks
1 Reply
3 Quotes
🗣 CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/k9mnj79UCG
@fridaysecurity
23 Nov 2024
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
1 Quote
#WinZip Flaw Allows Malicious Code Execution Critical vulnerability in WinZip exposes users to potential code execution. Learn about CVE-2024-8811 and how to protect your system https://t.co/7LPFhepAUB
@the_yellow_fall
23 Nov 2024
611 Impressions
5 Retweets
15 Likes
3 Bookmarks
0 Replies
1 Quote
CVE-2024-8811 WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of … https://t.co/TVHdhg31Pw
@CVEnew
22 Nov 2024
259 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:winzip:winzip:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00E0B8D1-356B-4F1F-B1AC-E95F3763A1F0",
"versionEndExcluding": "76.8"
}
],
"operator": "OR"
}
]
}
]