- Serious vulnerability in WinZip 9.0 -
Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)
Madrid, March 4, 2004 - A serious vulnerability has been discovered in WinZip, which could be exploited by a hacker to run arbitrary code on affected systems. For this reason, all users of this popular file compressor are advised to install version 9.0(*), which fixes this security flaw.
The vulnerability lies in a buffer overflow in versions of WinZip prior to 9.0. This flaw can be exploited using a specially-crafted MIME-encoded file
with one of the following extensions: .MIM, .UUE, .UU, .B64, .BHX, .HQX and
.XXE.
An attacker could send a file that, due to this problem in WinZip, would execute arbitrary code if the user tried to open it using a version of WinZip prior to 9.0.
More information at: http://www.winzip.com/fmwz90.htm
(*) Version 9.0 of WinZip can be downloaded from:
http://www.winzip.com/

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic