Reported February 28, 2004 by iDefense.
WinZip 9.0 latest beta
WinZip 8.1 Service Release-1 (SR-1), possibly earlier versions
A buffer overflow vulnerability in WinZip can result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of a flaw in the parameter parsing routine. WinZip will crash when it provides long strings to certain parameters of MIME archives (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions).
<span style="font-family:Verdana"> </h3>
WinZip has made available version 9.0, which doesn’t have the buffer overflow vulnerability.
Discovered by iDefense.