CVE-2024-8811: WinZip Flaw Allows Malicious Code Execution
Security researchers have uncovered a critical vulnerability in WinZip, a widely used file archiving tool, that could allow attackers to bypass crucial security measures and potentially execute malicious code on users’ systems.
The vulnerability, tracked as CVE-2024-8811 and assigned a CVSS score of 7.8 (High), affects all versions of WinZip prior to version 76.8. It stems from a flaw in how WinZip handles the “Mark-of-the-Web” – a security feature used by Windows to flag files downloaded from the internet. This mark warns users that a file may be unsafe and triggers additional security precautions.
However, researchers at Trend Micro Zero Day Initiative, led by Peter Girnus (@gothburz), discovered that WinZip inadvertently strips away this crucial Mark-of-the-Web flag when processing downloaded archive files. This means that when a malicious archive downloaded from the internet is opened in WinZip, the warning flag is removed, potentially deceiving users into thinking its contents are safe.
How the Attack Works:
- Malicious Archive: An attacker crafts a zip archive containing malicious files, such as malware or scripts.
- Luring the Victim: The attacker tricks the user into downloading this malicious archive, perhaps through a phishing email or a compromised website.
- WinZip Strips the Mark: When the user opens the downloaded archive using WinZip, the software removes the Mark-of-the-Web, effectively hiding the file’s potentially harmful origin.
- Exploitation: The user, unaware of the danger, extracts the files. Without the Mark-of-the-Web, Windows may not enforce appropriate security measures, potentially allowing the malicious code to execute.
The Impact:
Successful exploitation of this vulnerability could lead to severe consequences, including:
- Malware Execution: Attackers could deliver and execute malware, such as ransomware, spyware, or Trojans, compromising the user’s system and data.
- Data Theft: Sensitive information could be stolen, leading to identity theft or financial loss.
- System Takeover: Attackers could gain control of the user’s system, potentially using it for further malicious activities.
Urgent Action Required:
Users of WinZip are strongly urged to update their software to version 76.8 or later immediately. This update addresses the vulnerability and ensures the Mark-of-the-Web is preserved, maintaining a crucial layer of protection against malicious files.
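The following script is an added example, not code from the article or from WinZip, for checking whether the Mark-of-the-Web described above survives: it reads the NTFS Zone.Identifier stream on a downloaded archive and on every file extracted from it, so an administrator can confirm after updating that the mark is preserved. It assumes Windows with NTFS and PowerShell 5.1 or later; the function names and the sample paths in the usage line are the example's own.

```powershell
# Added example (not from the article or from WinZip): audit Mark-of-the-Web on a
# downloaded archive and on the files extracted from it.
# Assumes Windows, NTFS (Zone.Identifier alternate data streams) and PowerShell 5.1+.

function Get-MotwInfo {
    param([Parameter(Mandatory)][string]$Path)
    # Zone.Identifier is an NTFS alternate data stream; no stream means no Mark-of-the-Web.
    $stream = Get-Item -LiteralPath $Path -Stream 'Zone.Identifier' -ErrorAction SilentlyContinue
    if (-not $stream) {
        return [pscustomobject]@{ Path = $Path; HasMotw = $false; ZoneId = $null; HostUrl = $null }
    }
    # The stream holds INI-style text such as "[ZoneTransfer]", "ZoneId=3", "HostUrl=https://...".
    $content = Get-Content -LiteralPath $Path -Stream 'Zone.Identifier' -Raw
    $zoneId  = if ($content -match 'ZoneId=(\d+)')  { [int]$Matches[1] } else { $null }
    $hostUrl = if ($content -match 'HostUrl=(\S+)') { $Matches[1] }      else { $null }
    [pscustomobject]@{ Path = $Path; HasMotw = $true; ZoneId = $zoneId; HostUrl = $hostUrl }
}

function Test-MotwPreserved {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,   # the downloaded .zip
        [Parameter(Mandatory)][string]$ExtractDir     # folder the archive was extracted into
    )
    $archive = Get-MotwInfo -Path $ArchivePath
    if (-not $archive.HasMotw) {
        Write-Warning "Archive '$ArchivePath' carries no Mark-of-the-Web: it was not downloaded, or the mark was stripped."
    }
    # Windows applies MotW protections to the Internet (3) and Restricted (4) zones; flag
    # extracted files that lost the stream or were downgraded to a less restrictive zone.
    $unmarked = Get-ChildItem -LiteralPath $ExtractDir -File -Recurse |
        ForEach-Object { Get-MotwInfo -Path $_.FullName } |
        Where-Object { -not $_.HasMotw -or $_.ZoneId -lt 3 }
    [pscustomobject]@{
        ArchiveZoneId = $archive.ZoneId
        Unmarked      = @($unmarked)
        Preserved     = ($archive.HasMotw -and @($unmarked).Count -eq 0)
    }
}

# Usage (sample paths are placeholders): extract a downloaded archive with WinZip first, then run
$result = Test-MotwPreserved -ArchivePath "$env:USERPROFILE\Downloads\sample.zip" `
                             -ExtractDir  "$env:USERPROFILE\Downloads\sample"
$result.Unmarked | Format-Table Path, ZoneId, HostUrl -AutoSize
"Mark-of-the-Web preserved: $($result.Preserved)"
```

A `Preserved` value of `$false` on a patched build, with the archive itself still in zone 3, indicates the extraction path is still dropping the mark and warrants a closer look; `Unblock-File` is the legitimate way to remove the mark and should be the only thing that does so.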