WinZip Zaps Buffer Overflow Flaws | Internet News

WinZip Zaps Buffer Overflow Flaws

Written By
Ryan Naraine
Ryan Naraine
Sep 2, 2004
1 minute read

A pair of security holes in the popular WinZip file compression
program could put users at risk of buffer overflow attacks, the company
warned Thursday.

WinZip Computing, which markets the Windows utility used to zip and
unzip files for storage and archiving, released version 9.0 Service
Release 1 (SR-1) to correct the flaws and warned that attackers could
launch buffer overflow attacks to hijack vulnerable systems.

“As of the release of WinZip 9.0 SR-1, WinZip Computing was not aware
that any of these vulnerabilities had been publicly described or
exploited,” the company said in an advisory posted on its home
page.

The company has also modified the way the program works to display
caution messages in some situations, such as when a user double-clicks
on an .EXE file compressed within a Zip file. WinZip will now issue a
warning that a file type could potentially contain a virus. “WinZip
users who frequently need to work with the file types involved can
easily turn the caution messages off,” the company said.

Security alert clearinghouse Secunia rates the vulnerabilities as
“highly critical” and recommended that users upgrade to WinZip 9.0.

The company has also added support for 128- and 256-bit key AES
encryption, which provides more cryptographic security than the
traditional Zip 2.0 encryption method used in earlier WinZip versions.

Internet News Logo

InternetNews is a source of industry news and intelligence for IT professionals from all branches of the technology world. InternetNews focuses on helping professionals grow their knowledge base and authority in their field with the top news and trends in Software, IT Management, Networking & Communications, and Small Business.

Property of TechnologyAdvice. © 2026 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.