Serious vulnerability in WinZip 9.0 - 03/04/04

Mar 4, 2004 9:18AM PST

- Serious vulnerability in WinZip 9.0 -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)


Madrid, March 4, 2004 - A serious vulnerability has been discovered in WinZip, which could be exploited by a hacker to run arbitrary code on affected systems. For this reason, all users of this popular file compressor are advised to install version 9.0(*), which fixes this security flaw.

The vulnerability lies in a buffer overflow in versions of WinZip prior to 9.0. This flaw can be exploited using a specially-crafted MIME-encoded file with one of the following extensions: .MIM, .UUE, .UU, .B64, .BHX, .HQX and .XXE.

An attacker could send a file that, due to this problem in WinZip, would execute arbitrary code if the user tried to open it using a version of WinZip prior to 9.0.

More information at: http://www.winzip.com/fmwz90.htm

(*) Version 9.0 of WinZip can be downloaded from:
http://www.winzip.com/
