New WinZip vulnerability

New WinZip vulnerabilityAs if you weren't already paranoid enough about ZIP files…

The recent MyDoom virus required you to open a ZIP and then execute one of the files inside the attachment. But a new vulnerability announced by iDEFENSE allows arbitrary code execution just by opening the ZIP file. Note that as of yet I haven't heard of any known malware exploiting this problem, but history shows us that's it's only a matter of time before the next wave hits.

Time to patch your copy of WinZip!  [Office Development, Security, Randomness…]

Leave a comment