The host is installed with WinZip before 11.0 and is prone to DNS cache poisoning vulnerability. A flaw is present in the application, which is caused by the WinZip update component. Successful exploitation allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.