CVE-2024-8811

Published Nov 22, 2024

Last updated a day ago

CVSS high 7.8

Overview

Description
WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.
Source
zdi-disclosures@trendmicro.com
NVD status
Received

Risk scores

CVSS 3.0

Type
Secondary
Base score
7.8
Impact score
5.9
Exploitability score
1.8
Vector string
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

zdi-disclosures@trendmicro.com
CWE-693

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

4

  1. WinZip Flaw Allows Malicious Code Execution (CVE-2024-8811) https://t.co/eW4bNndIO5

    @TMJIntel

    23 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/Rkgh26DyMZ

    @VulnVanguard

    23 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/Bbxpp1pO6C

    @Dinosn

    23 Nov 2024

    9767 Impressions

    74 Retweets

    210 Likes

    69 Bookmarks

    1 Reply

    3 Quotes

  4. 🗣 CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution https://t.co/k9mnj79UCG

    @fridaysecurity

    23 Nov 2024

    63 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    1 Quote

  5. #WinZip Flaw Allows Malicious Code Execution Critical vulnerability in WinZip exposes users to potential code execution. Learn about CVE-2024-8811 and how to protect your system https://t.co/7LPFhepAUB

    @the_yellow_fall

    23 Nov 2024

    611 Impressions

    5 Retweets

    15 Likes

    3 Bookmarks

    0 Replies

    1 Quote

  6. CVE-2024-8811 WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of … https://t.co/TVHdhg31Pw

    @CVEnew

    22 Nov 2024

    259 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References