Even though this isn't particularly specific in it's synopsis I think that there are enough WinZip users out there to warrant a heads up....

I got this through BugTraq this morning:-

Date: Wed, 1 Sep 2004 07:31:24 -0400
Subject: http://www.winzip.com/wz90sr1.htm

WinZip reported discovering some vulnerabilities, including potential buffer overflows, during an internal review of the WinZip code. In addition, a WinZip user discovered a buffer overflow, where a local user can supply a specially crafted WinZip command line to trigger the overflow.

A fix (9.0 SR-1) is available at:



I don't have more informations.
You can just check