CVE-2008-3442
NONE EPSS 88.6%
Published Aug 1, 2008 17y ago
Last Modified Jun 16, 2026 2w ago
Description
WinZip before 11.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
Threat Intelligence
EPSS Exploit Probability
88.6% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-94: Improper Control of Generation of Code (Code Injection)
Affected Products 7
References 4
- archives.neohapsis.com http://archives.neohapsis.com/archives/bugtraq/2008-07/0250.html
- securitytracker.com http://securitytracker.com/id?1020581
- infobyte.com.ar http://www.infobyte.com.ar/down/Francisco%20Amato%20-%20evilgrade%20-%20ENG.pdf
- infobyte.com.ar http://www.infobyte.com.ar/down/isr-evilgrade-1.0.0.tar.gz
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.