VULHUB ™

WinZip is a commercially-available file compression utility maintained and distributed by WinZip Computing, Inc. A problem has been reported in the encryption scheme used with WinZip files. Due to a problem in the algorithm used to password-protect files in WinZip, the encrypted key space may be reduced. This could increase the chances of a brute force attack to decrypt files compressed and encrypted with WinZip. ** The vendor has responded stating that WinZip 8, and earlier versions do not ship with the IBDL32.DLL library. Furthermore, the vendor has stated that WinZip 8.0 uses the standard Microsoft C library version of rand() which has been verified to be immune to the flaw reported in IBDL32.DLL.

WinZip is a commercially-available file compression utility maintained and distributed by WinZip Computing, Inc. A problem has been reported in the encryption scheme used with WinZip files. Due to a problem in the algorithm used to password-protect files in WinZip, the encrypted key space may be reduced. This could increase the chances of a brute force attack to decrypt files compressed and encrypted with WinZip. ** The vendor has responded stating that WinZip 8, and earlier versions do not ship with the IBDL32.DLL library. Furthermore, the vendor has stated that WinZip 8.0 uses the standard Microsoft C library version of rand() which has been verified to be immune to the flaw reported in IBDL32.DLL.