cvedb.io
CVE-2024-8811
HIGH · CVSS 7.8
EPSS exploitation probability: 0%
Published 2024-11-22T21:15:19.220 · Last modified 2026-06-17T08:23:20.927

Summary

WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.

Affected products

winzip — winzip

Does this affect you?

Add your gear to cvedb and we'll alert you only when winzip ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.