Thanks cybershark, and jon. Windows clients running the popular WinZip application are at risk from a number of critical security flaws, according to WinZip Computing and security researchers.
The compression/decompression tool is one of the most widely used pieces of software on the Windows platform.
WinZip versions 3.x, 6.x, 7.x, 8.x, and 9.x contain vulnerabilities that could allow an attacker to execute malicious code on a Windows PC, the vendor warns. In an advisory this week, Danish security firm Secunia gives the bugs a "highly critical" rating, the fourth-highest out of its five severity levels.
While no exploits are known to be circulating, the wide deployment of WinZip makes the vulnerabilities important to patch immediately, WinZip says. Users of older WinZip versions must upgrade to version 9.x in order to get the fix, which is contained in WinZip 9.0 Service Release 1 (SR1). "WinZip Computing recommends that all WinZip users upgrade to WinZip 9.0 SR1 to avoid the possibility of future exploitation of these vulnerabilities," the company says.