CVE-2003-1376 - WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local u

CVE-2003-1376

Summary

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.

References

http://securityreason.com/securityalert/3265
http://www.securityfocus.com/archive/1/311059
http://www.securityfocus.com/bid/6805
https://exchange.xforce.ibmcloud.com/vulnerabilities/11296

Vulnerable Configurations

cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*
cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 29-07-2017 - 01:29)
Impact:
Exploitability:

CWE

CWE-255

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	6805
bugtraq	20030208 Yet another plaintext attack to ZIP encryption scheme.
sreason	3265
xf	winzip-pkzip-weak-encryption(11296)

Last major update

29-07-2017 - 01:29

Published

31-12-2003 - 05:00

Last modified

29-07-2017 - 01:29