{"api_version":"1","generated_at":"2026-04-24T09:43:02+00:00","cve":"CVE-2003-1376","urls":{"html":"https://cve.report/CVE-2003-1376","api":"https://cve.report/api/cve/CVE-2003-1376.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2003-1376","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2003-1376"},"summary":{"title":"CVE-2003-1376","description":"WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.","state":"PUBLISHED","assigner":"mitre","published_at":"2003-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-255","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.6","severity":"","vector":"AV:L/AC:L/Au:N/C:P/I:P/A:P","data":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"}}],"references":[{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11296","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11296","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://securityreason.com/securityalert/3265","name":"http://securityreason.com/securityalert/3265","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"CXSecurity - IDS","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/archive/1/311059","name":"http://www.securityfocus.com/archive/1/311059","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"SecurityFocus HOME Mailing List: BugTraq","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/6805","name":"http://www.securityfocus.com/bid/6805","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"WinZip File Encryption Scheme Limited Key Space Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2003-1376","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2003-1376","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2003","cve_id":"1376","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"winzip","cpe5":"winzip","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T02:28:02.787Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20030208 Yet another plaintext attack to ZIP encryption scheme.","tags":["mailing-list","x_refsource_BUGTRAQ","x_transferred"],"url":"http://www.securityfocus.com/archive/1/311059"},{"name":"6805","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/6805"},{"name":"winzip-pkzip-weak-encryption(11296)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11296"},{"name":"3265","tags":["third-party-advisory","x_refsource_SREASON","x_transferred"],"url":"http://securityreason.com/securityalert/3265"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2003-02-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-28T12:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"20030208 Yet another plaintext attack to ZIP encryption scheme.","tags":["mailing-list","x_refsource_BUGTRAQ"],"url":"http://www.securityfocus.com/archive/1/311059"},{"name":"6805","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/6805"},{"name":"winzip-pkzip-weak-encryption(11296)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11296"},{"name":"3265","tags":["third-party-advisory","x_refsource_SREASON"],"url":"http://securityreason.com/securityalert/3265"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2003-1376","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20030208 Yet another plaintext attack to ZIP encryption scheme.","refsource":"BUGTRAQ","url":"http://www.securityfocus.com/archive/1/311059"},{"name":"6805","refsource":"BID","url":"http://www.securityfocus.com/bid/6805"},{"name":"winzip-pkzip-weak-encryption(11296)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/11296"},{"name":"3265","refsource":"SREASON","url":"http://securityreason.com/securityalert/3265"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2003-1376","datePublished":"2007-10-19T10:00:00.000Z","dateReserved":"2007-10-18T00:00:00.000Z","dateUpdated":"2024-08-08T02:28:02.787Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2003-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-255","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:P/I:P/A:P","baseScore":4.6,"accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":3.9,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:winzip:winzip:8.0:*:*:*:*:*:*:*","matchCriteriaId":"FDE7DCD6-90B3-4259-9BE6-B9F7A30A64AF"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2003","CveId":"1376","Ordinal":"1","Title":"CVE-2003-1376","CVE":"CVE-2003-1376","Year":"2003"},"notes":[{"CveYear":"2003","CveId":"1376","Ordinal":"1","NoteData":"WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder.","Type":"Description","Title":"CVE-2003-1376"},{"CveYear":"2003","CveId":"1376","Ordinal":"2","NoteData":"2007-10-19","Type":"Other","Title":"Published"},{"CveYear":"2003","CveId":"1376","Ordinal":"3","NoteData":"2017-07-28","Type":"Other","Title":"Modified"}]}}}