As if you weren’t already paranoid enough about ZIP files…
The recent MyDoom virus required you to open a ZIP and then execute one of the files inside the attachment. But a new vulnerability announced by iDEFENSE allows arbitrary code execution just by opening the ZIP file. Note that as of yet I haven’t heard of any known malware exploiting this problem, but history shows us that’s it’s only a matter of time before the next wave hits.
Time to patch your copy of WinZip!
Thanks to Kevin for pointing out that the problem doesn’t actually affect ZIP files; it affects files such as MIM, UUE, etc. but in a default install they will all show the WinZip icon and open with the tool. It’s still a great little utility though!
More details can be found here.