Vulnerability Details CVE-2024-8811
WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 14.7%
CVSS Severity
CVSS v3 Score 7.8
Products affected by CVE-2024-8811
- cpe:2.3:a:winzip:winzip:-
- cpe:2.3:a:winzip:winzip:10.0
- cpe:2.3:a:winzip:winzip:10.0.6698
- cpe:2.3:a:winzip:winzip:10.0.7245
- cpe:2.3:a:winzip:winzip:10.0_build_6667
- cpe:2.3:a:winzip:winzip:11.0
- cpe:2.3:a:winzip:winzip:11.1
- cpe:2.3:a:winzip:winzip:11.1.7466
- cpe:2.3:a:winzip:winzip:11.2
- cpe:2.3:a:winzip:winzip:11.2.8094
- cpe:2.3:a:winzip:winzip:11.3.8261
- cpe:2.3:a:winzip:winzip:12.0
- cpe:2.3:a:winzip:winzip:12.0.8252
- cpe:2.3:a:winzip:winzip:12.1
- cpe:2.3:a:winzip:winzip:12.1.8497
- cpe:2.3:a:winzip:winzip:12.1.8519
- cpe:2.3:a:winzip:winzip:14.0
- cpe:2.3:a:winzip:winzip:14.0.8652
- cpe:2.3:a:winzip:winzip:14.0.8688
- cpe:2.3:a:winzip:winzip:14.5
- cpe:2.3:a:winzip:winzip:14.5.9095
- cpe:2.3:a:winzip:winzip:15.0
- cpe:2.3:a:winzip:winzip:15.0.9302
- cpe:2.3:a:winzip:winzip:15.0.9327
- cpe:2.3:a:winzip:winzip:15.0.9334
- cpe:2.3:a:winzip:winzip:15.0.9411
- cpe:2.3:a:winzip:winzip:15.5
- cpe:2.3:a:winzip:winzip:15.5.9468
- cpe:2.3:a:winzip:winzip:15.5.9510
- cpe:2.3:a:winzip:winzip:15.5.9579
- cpe:2.3:a:winzip:winzip:16.0
- cpe:2.3:a:winzip:winzip:16.0.9661
- cpe:2.3:a:winzip:winzip:16.0.9686
- cpe:2.3:a:winzip:winzip:16.5
- cpe:2.3:a:winzip:winzip:17.0
- cpe:2.3:a:winzip:winzip:17.5
- cpe:2.3:a:winzip:winzip:18.0
- cpe:2.3:a:winzip:winzip:18.5
- cpe:2.3:a:winzip:winzip:19.0
- cpe:2.3:a:winzip:winzip:19.5
- cpe:2.3:a:winzip:winzip:20.0
- cpe:2.3:a:winzip:winzip:20.5
- cpe:2.3:a:winzip:winzip:21.0
- cpe:2.3:a:winzip:winzip:21.5
- cpe:2.3:a:winzip:winzip:22.0
- cpe:2.3:a:winzip:winzip:22.5
- cpe:2.3:a:winzip:winzip:23.0
- cpe:2.3:a:winzip:winzip:24.0
- cpe:2.3:a:winzip:winzip:25.0
- cpe:2.3:a:winzip:winzip:26.0
- cpe:2.3:a:winzip:winzip:27.0
- cpe:2.3:a:winzip:winzip:29.0
- cpe:2.3:a:winzip:winzip:5.5
- cpe:2.3:a:winzip:winzip:5.6
- cpe:2.3:a:winzip:winzip:6.0a
- cpe:2.3:a:winzip:winzip:6.1
- cpe:2.3:a:winzip:winzip:6.2
- cpe:2.3:a:winzip:winzip:6.3
- cpe:2.3:a:winzip:winzip:7.0
- cpe:2.3:a:winzip:winzip:76.0
- cpe:2.3:a:winzip:winzip:76.1
- cpe:2.3:a:winzip:winzip:76.3
- cpe:2.3:a:winzip:winzip:8.0
- cpe:2.3:a:winzip:winzip:8.1
- cpe:2.3:a:winzip:winzip:8.1.4331
- cpe:2.3:a:winzip:winzip:9.0
- cpe:2.3:a:winzip:winzip:9.0.6028
- cpe:2.3:a:winzip:winzip:_9.0_sr-1_(6224)