CVE-2025-33028
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-33028
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-33028.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-33028
- Withdrawn
- 2025-08-04T18:17:59Z
- Published
- 2025-04-15T18:15:53Z
- Modified
- 2025-08-04T19:15:30Z
- Summary
- [none]
- Details
-
In WinZip through 29.0, there is a Mark-of-the-Web Bypass Vulnerability because of an incomplete fix for CVE-2024-8811. This vulnerability allows attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, WinZip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. NOTE: a third party has reported that this is a false positive, and has observed that the original CVE-2025-33028.md file has been deleted on GitHub.
- References