Secunia Advisory: SA10995
Release Date: 2004-02-27
Critical: Moderately critical
Impact: System access
Where: From remote
Software: WinZip 6.x, WinZip 7.x, WinZip 8.x, WinZip 9.x
Description:
iDEFENSE has reported a vulnerability in WinZip, which can potentially be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in a parameter parsing routine within the UUDeview package. This can be exploited to cause a buffer overflow by tricking a user into opening a specially crafted MIME archive (".mim", ".uue", ".uu", ".b64", ".bhx", ".hqx", and ".xxe" file extensions) containing overly long strings in certain parameters.
Successful exploitation may allow execution of arbitrary code on a user's system with the user's privileges.
The vulnerability affects WinZip 6.2 up to and including the latest beta release of 9.0.
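The advisory does not name the affected parameters or show the parsing routine. The following C code is an added example, not UUDeview or WinZip code: it shows a header-parameter copy that measures the value before writing to a fixed-size buffer and rejects overly long strings. The function names, return codes, sample header and 256-byte buffer size are assumptions.

```c
/* Added example: bounded extraction of a MIME header parameter value.
 * Not UUDeview/WinZip code; names and buffer sizes are assumptions. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum { PARAM_OK = 0, PARAM_MISSING = -1, PARAM_TOO_LONG = -2 };

/* Case-insensitive search for a whole-word "attr=" in a header line. */
static const char *find_attr(const char *line, const char *attr)
{
    size_t n = strlen(attr);
    for (const char *p = line; *p; p++) {
        size_t i = 0;
        while (i < n && tolower((unsigned char)p[i]) == tolower((unsigned char)attr[i]))
            i++;
        if (i == n && p[n] == '=' && (p == line || !isalnum((unsigned char)p[-1])))
            return p + n + 1;
    }
    return NULL;
}

/* Copy the value of attr into out[outsz]. The length is measured before any
 * byte is written, so an overly long value is rejected, not truncated or
 * written past the end of the destination. */
int copy_mime_param(const char *line, const char *attr, char *out, size_t outsz)
{
    const char *v = find_attr(line, attr);
    if (v == NULL) return PARAM_MISSING;
    int quoted = (*v == '"');
    if (quoted) v++;                      /* skip the opening quote */
    size_t len = strcspn(v, quoted ? "\"\r\n" : "; \t\r\n");
    if (len >= outsz)                     /* no room for value plus NUL */
        return PARAM_TOO_LONG;
    memcpy(out, v, len);
    out[len] = '\0';
    return PARAM_OK;
}

int main(void)
{
    char name[256];                       /* assumed fixed-size destination */
    char line[512] = "Content-Type: text/plain; name=\""; /* constructed input */
    size_t n = strlen(line);
    memset(line + n, 'A', 300);           /* parameter longer than the buffer */
    strcpy(line + n + 300, "\"");
    printf("%d\n", copy_mime_param(line, "name", name, sizeof name));
    return 0;
}
```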
Solution:
The vulnerability has been fixed in WinZip 9.0.
http://www.winzip.com/
Provided and/or discovered by:
iDEFENSE
http://secunia.com/advisories/10995/
