As a result, an unsuspecting user can launch arbitrary code as if it were a valid update. This means anyone on the same network as a user running a vulnerable version of WinZip can use techniques like DNS poisoning to trick the application into fetching “update” files from a malicious web server instead of the legitimate WinZip update host. Since HTTP is unencrypted cleartext, it can be grabbed, manipulated, or hijacked by anyone with the ability to see that traffic. You can see a screenshot of a Wireshark capture of the update request in Figure 1 below.

Figure 1: Packet capture of the WinZip 24 update request

Martin Rakhmanov, Security Research Manager, Trustwave SpiderLabs