Vendors are continuing to address a security hole in the very popular Zlib data compression library. Zlib is used in many third-party programs, and it is distributed with many operating systems, including most Linux and BSD distributions. It is also used by Microsoft and other proprietary software companies since it works well and is licensed under the Zlib/libpng license, a version of the liberal BSD license.
Because Zlib is so widely used in the background to handle data and PNG (Portable Network Graphics) image compression in both open-source and proprietary programs, a successful attack method poses potentially serious security problems. A Microsoft spokesperson acknowledged that vulnerable versions of Zlib had been used in older Microsoft offerings. These programs included some Windows 98 and XP system files and some versions of Microsoft Office.