WinZip Mark-of-the-Web Bypass Vulnerability [CVE-2024-8811]
CVE number = CVE-2024-8811
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip.
User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the handling of archive files.
When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file.
Following extraction, the extracted files also lack the Mark-of-the-Web.
An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.
This issue has been fixed in WinZip 76.8
Duncan is a technology professional with over 20 years experience of working in various IT roles. He has a interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.