November 20, 2006
A new, unpatched Winzip 10.0 vulnerability
New buffer overflow in Winzip 10.0
A new Winzip buffer overflow exploit has been announced on www.milw0rm.com in the form of proof-of-concept code.
It works on Winzip 10.0 (7245) and below; 7245 is the latest version. Winzip has not yet released a patch. It is unknown whether the exploit can be leveraged into complete remote control.
Posted by Roger Grimes on November 20, 2006 05:04 AM
COMMENTS
There is simply no excuse for buffer overflows any more. The law should be changed to permit user/victims to recover damages from the software vendor for losses due to buffer overflows. Other vulnerabilities are tricky and hard to pin down legally, but overflows are easy, and it's time to make software houses pay for selling dangerous junk.
Posted by: prowness at November 20, 2006 07:05 AM

You might just get your wish, with the new Congress.
I think they could make legislation for the egregious cases; set a high bar by basing it on "gross negligence".
As for the argument that there are already mechanisms in place to recover for damages: only if DA(s) take the trouble to organize the numerous parties that are likely to be injured by such actions into class action suits. It could stand to be more streamlined; otherwise, you get the "Pinto" decision-making process, where software manufacturers _sometimes_ willfully write bad code if it will turn a quick profit...