Primary

Context

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Vulnerability

Patched

A remote code execution vulnerability has been identified in WinZip, specifically in the parsing of 7Z files. This issue arises from inadequate validation of user-supplied data, leading to an out-of-bounds write that can overwrite memory. As a result, attackers can execute arbitrary code on the affected system, with the executed code running in the context of the current process. Exploitation requires user interaction, such as opening a malicious 7Z file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Remediation

Users can update to WinZip versions 76.8 or later for subscription licenses, or to version 29.0 or later, 28.0.16371 and later, or 27.0.16370 and later for perpetual licenses.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.8

impact

10.0

exploitability

4.4

remediation

7.7

relevance

0.0

threat

0.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

WinZip

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating