Lucene search

[email protected]CVE-2008-3442

HistoryOct 03, 2022 - 4:13 p.m.

CVE-2008-3442

2022-10-0316:13:41

CWE-94

[email protected]

web.nvd.nist.gov

cve-2008-3442

winzip

update authentication

vulnerability

evilgrade

dns cache poisoning

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.

Affected configurations

NVD

Node

winzipwinzipMatch7.0

winzipwinzipMatch8.0

winzipwinzipMatch8.1

winzipwinzipMatch8.1sr1

winzipwinzipMatch9.0

winzipwinzipMatch9.0sr1

winzipwinzipMatch10.0

CPENameOperatorVersion
winzip:winzipwinzipeq7.0
winzip:winzipwinzipeq8.0
winzip:winzipwinzipeq8.1
winzip:winzipwinzipeq9.0
winzip:winzipwinzipeq10.0

CPE	Name	Operator	Version
winzip:winzip	winzip	eq	7.0
winzip:winzip	winzip	eq	8.0
winzip:winzip	winzip	eq	8.1
winzip:winzip	winzip	eq	9.0
winzip:winzip	winzip	eq	10.0

References

archives.neohapsis.com/archives/bugtraq/2008-07/0250.html

securitytracker.com/id?1020581

www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf

www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.0%

JSON

Related for CVE-2008-3442

nvd1 cvelist1 prion1