Reported February 28, 2004 by iDefense.
WinZip 9.0 latest beta
WinZip 8.1 Service Release-1 (SR-1), possibly earlier versions
A buffer overflow vulnerability in WinZip can result in the arbitrary execution of code on the vulnerable system. This vulnerability is a result of a flaw in the parameter parsing routine. WinZip will crash when it provides long strings to certain parameters of MIME archives (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions).
WinZip has made available version 9.0, which doesn’t have the buffer overflow vulnerability.
Discovered by iDefense.