CVE-2020-28963

7.8 HIGH

📋 TL;DR

CVE-2020-28963 is a buffer overflow vulnerability in Passcovery ZIP Password Recovery software that allows attackers to execute arbitrary code by exploiting the decompress function. This affects users running vulnerable versions of the software who process malicious ZIP files. Successful exploitation could lead to complete system compromise.

💻 Affected Systems

Products:
  • Passcovery Co. Ltd ZIP Password Recovery
Versions: v3.70.69.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Confirmed only for the version listed; other versions may also be affected but have not been confirmed either way.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system takeover, data theft, and lateral movement within the network.

🟠 Likely Case: Local privilege escalation or denial of service when processing specially crafted ZIP files.

🟢 If Mitigated: Limited impact if the software runs with minimal privileges in an isolated environment.

🌐 Internet-Facing: LOW - This is a desktop application not typically exposed to the internet.
🏢 Internal Only: MEDIUM - Could be exploited via social engineering or malicious files on internal networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Buffer overflow vulnerabilities in file processing functions are commonly exploited with publicly available proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v3.70.70.0 or later

Vendor Advisory: https://www.passcovery.com/security/

Restart Required: Yes

Instructions:

1. Download the latest version from the official Passcovery website.
2. Uninstall the current version.
3. Install the updated version.
4. Restart the system if prompted.

🔧 Temporary Workarounds

Disable ZIP processing (Windows): Prevent the software from processing ZIP files until patched.

Run with limited privileges (Windows): Execute the software under a non-administrative user account.

🧯 If You Can't Patch

  • Uninstall the software completely
  • Implement application whitelisting to prevent execution of vulnerable version

🔍 How to Verify

Check if Vulnerable:

Check Help > About in the application for version number

Check Version:

Not applicable - check via GUI only

Verify Fix Applied:

Verify version is v3.70.70.0 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with memory access violations
  • Unusual process creation from ZIP Password Recovery

Network Indicators:

  • None - local exploitation only

SIEM Query:

EventID=1000 OR EventID=1001 Source="ZIP Password Recovery"
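The SIEM query above maps directly onto the Windows Application log, where Event ID 1000 is Application Error and Event ID 1001 is Windows Error Reporting. The following PowerShell is an added example for an analyst without a SIEM; it is not part of this advisory or the vendor's tooling. The process-name pattern is an assumed placeholder: replace it with the executable name shown in Task Manager for the installed copy.

```powershell
# Added example: pull Application-log crash events (1000 = Application Error,
# 1001 = Windows Error Reporting) from the last seven days and keep only those
# whose text mentions the password-recovery process.
$ProcessNamePattern = '*ZIP Password Recovery*'   # ASSUMPTION: placeholder pattern, adjust to the real exe name
$Since = (Get-Date).AddDays(-7)

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Application'
    Id        = 1000, 1001
    StartTime = $Since
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like $ProcessNamePattern }

# One row per event: when, which ID, which provider, and the first line of the
# message (the faulting application line for ID 1000).
$events |
    Select-Object TimeCreated, Id, ProviderName,
        @{ Name = 'Summary'; Expression = { ($_.Message -split "`r?`n")[0] } } |
    Sort-Object TimeCreated -Descending |
    Format-Table -AutoSize
```

A cluster of 1000/1001 events for the same process in a short window, particularly ones whose text carries exception code 0xc0000005 (an access violation), is the memory-access-violation indicator listed above; correlate the timestamps with the ZIP files the user opened at that time.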
