Forum Thread: Winzip 10.0 Build 7245 incorrectly detected as high threat

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:

Relating to this vendor:
And, this specific program:
WinZip 10.x

This thread has been marked as locked.
bigbadsteve Winzip 10.0 Build 7245 incorrectly detected as high threat
Member 22nd Nov, 2010 15:30
Ranking: 0
Posts: 6
User Since: 11th Jul, 2009
System Score: N/A
Location: N/A
I have Winzip 10.0 Build 7245 installed. PSI v1.5.0.2 displays it on its End-Of-Life Programs tab, which is fair enough. However the Version Detected is displayed there as "10.[with no zero] (7245)", and incorrectly listed as a Category 4 Security Threat. Clicking on the Threat rating graph displays a Secunia advisory indicating that Winzip 10.0 versions prior to Build 7245 have vulnerabilities, and "Solution: Update to version 10.0 Build 7245". Clearly the version/build is being incorrectly detected and Winzip 10.0 Build 7245 should not have a threat rating displayed.

Anthony Wells RE: Winzip 10.0 Build 7245 incorrectly detected as high threat
Expert Contributor 22nd Nov, 2010 17:32
Score: 2539
Posts: 3,401
User Since: 19th Dec 2007
System Score: N/A
Location: N/A

Hi ,

I think it is just a matter of interpretation . If 10.x is "EOL" then it is no longer supported by the vendor ; that is the PSI message . Version numbers can sometime be written/read differently according to the version data provided in the file Secunia is using to set the version detection rules ; this file may be different to the file used to actually detect the programme . Open Office shows such differences between the PSI detected version and what shows in the programme's "about" .

The "threat" rating has always been confusing and annoying (in my opinion) and is no longer present in the PSI Beta versions . Mousing over the (?) does indeed explain that this rating is what would be shown if you had not updated to your latest version and refers to the Advisory and the patch you made by updating to your current version .

So your version is as up to date as you can make it , but you will not know as of now in the future whether there are vulnerabilities which affect your version .

How you deal with that has to be your choice .

Hope that helps .



It always seems impossible until its done.
Nelson Mandela
Was this reply relevant?

This thread has been marked as locked.