WinZip 11.x 'gdiplus.dll' Unspecified Vulnerability

high Nessus Plugin ID 34335

Synopsis

The remote Windows host has an application that is affected by an unspecified vulnerability.

Description

The version of WinZip installed on the remote host is prior to 11.2 SR-1 (Build 8261). It is, therefore, affected by an unspecified vulnerability since it is known to ship with an old version of the Microsoft DLL file 'gdiplus.dll'.

Note that only WinZip versions 11.x on Windows 2000 systems use this file and are thus affected by this issue.

Solution

Upgrade to WinZip 11.2 SR-1 (Build 8261) or later.

See Also

https://update.winzip.com/wz112sr1.htm

Plugin Details

Severity: High

ID: 34335

File Name: winzip_gdiplus_vuln.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 10/3/2008

Updated: 11/15/2018

Configuration: Enable paranoid mode

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:winzip:winzip

Required KB Items: Settings/ParanoidReport, installed_sw/WinZip

Exploit Ease: No known exploits are available

Reference Information

BID: 31485