WinZip 11.x 'gdiplus.dll' Unspecified Vulnerability

High Nessus Plugin ID 34335


The remote Windows host has an application that is affected by an unspecified vulnerability.


The version of WinZip installed on the remote host is prior to 11.2 SR-1 (Build 8261). It is, therefore, affected by an unspecified vulnerability since it is known to ship with an old version of the Microsoft DLL file 'gdiplus.dll'.

Note that only WinZip versions 11.x on Windows 2000 systems use this file and are thus affected by this issue.


Upgrade to WinZip 11.2 SR-1 (Build 8261) or later.

See Also

Plugin Details

Severity: High

ID: 34335

File Name: winzip_gdiplus_vuln.nasl

Version: $Revision: 1.11 $

Type: local

Agent: windows

Family: Windows

Published: 2008/10/03

Modified: 2015/01/15

Dependencies: 78673, 11936

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:winzip:winzip

Required KB Items: installed_sw/WinZip, Settings/ParanoidReport

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

BID: 31485