Version(s): 9.0 and prior versions
Description: Some vulnerabilities were reported in WinZip. A remote or local user may be able to execute arbitrary code.
The vendor reported that they discovered some vulnerabilities, including potential buffer overflows, during an internal review of the WinZip code.
In addition, a WinZip user discovered a buffer overflow, where a local user can supply a specially crafted WinZip command line to trigger the overflow.
No further details were provided.
Impact: A remote or local user may be able to cause arbitrary code to be executed.
Solution: A fix (9.0 SR-1) is available at:
http://www.winzip.com/upgrade.htm
Vendor URL: www.winzip.com/wz90sr1.htm (Links to External Site)