New WinZip vulnerability

As if you weren't already paranoid enough about ZIP files...

The recent MyDoom virus required you to open a ZIP and then execute one of the files inside the attachment. But a new vulnerability announced by iDEFENSE allows arbitrary code execution just by opening the ZIP file. Note that as of yet I haven't heard of any known malware exploiting this problem, but history shows us that it's only a matter of time before the next wave hits.

Time to patch your copy of WinZip!

Update 28-Feb:

Thanks to Kevin for pointing out that the problem doesn't actually affect ZIP files; it affects files such as MIM, UUE, etc. but in a default install they will all show the WinZip icon and open with the tool. It's still a great little utility though!

More details can be found here.

Comments (8)

  1. Chad Humphries says:

    Maybe now is a time to convert to WinRar (you don’t have to use the RAR format, it handles ZIP files just fine.)

    I used tar/gzip, then pkzip, then rar and I’ve stayed with a combo of rar (windows) and tar/gzip (on linux). I still can’t believe Winzip still has more or less the same UI after all of this time.

  2. Anonymous Coward says:

    Are people still paying for and using WinZip? I would have thought the number of people using it is fractional now that Windows has support for creating and browsing Zip files. If an exploit is found in the Windows Zip extension that will be something to *really* worry about…

  3. Ronin SpoilSpot says:

    Call me old fashioned, but I don’t want zip files to look like folders. That said, I agree that WinZip is not the best zip-handler out there. I use PowerArchiver and am very happy with it, others use WinRar. And they are both cheaper than WinZip and support more formats.


  4. Torgeir Bakken says:

    Actually, if you read the IDEFENSE article a bit closer, this flaw does not affect ZIP files, but MIME-encoded files.

    And from WinZip’s Web site:

    WinZip 9.0 Fixes a Security Issue with MIME-Encoded Files


    Q: What types of files are affected?

    A: Files with the following extensions, which are by default associated with WinZip and which are used in connection with MIME-encoded data, are affected: .MIM, .UUE, .UU, .B64, .BHX, .HQX, and .XXE.

    Other filetypes associated with WinZip, such as .ZIP, .TAR, and .CAB, are not affected.


  5. Peter Torr says:

    Thanks Torgeir. The problem is that most people only see the icon, which is the ZIP icon

  6. Peter Torr says:

    I’m already getting a bunch of Google hits for "WinZip exploit" and "WinZip vulnerability" in my referrer logs… looks like the kiddies are on the loose again

  7. Fred says:

    Hum… I arrived here by searching for "winzip virus vulnerability", yet, I ensure you I’m not a kiddie 😉 I was just having qualms of a sudden about opening an unknown .zip file from a highly suspect source with WinZip.

  8. Peter Torr says:

    Well, as they say, all generalisations are false 😉
