Lucene search

[email protected]CVE-2003-1376

HistoryOct 19, 2007 - 10:00 a.m.

CVE-2003-1376

2007-10-1910:00:00

CWE-255

[email protected]

web.nvd.nist.gov

winzip

password protection

zip files

weak random number

encryption keys

brute force attack

security vulnerability

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

Affected configurations

NVD

Node

winzipwinzipMatch8.0

CPENameOperatorVersion
winzip:winzipwinzipeq8.0

CPE	Name	Operator	Version
winzip:winzip	winzip	eq	8.0

References

securityreason.com/securityalert/3265

www.securityfocus.com/archive/1/311059

www.securityfocus.com/bid/6805

exchange.xforce.ibmcloud.com/vulnerabilities/11296

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

6.9 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2003-1376

nvd1 cvelist1