14 DAY TRIAL // WinZip Computing published a security advisory saying that WinZIP 10.0 is affected by a security flaw that was identified in one of its component modules.
Security company Secunia rated the vulnerability highly critical, mentioning that it "is caused due to several unspecified insecure methods in the FileView ActiveX control (WZFILEVIEW.FileViewCtrl.61). This can be exploited to execute arbitrary code via a specially crafted web site."
"This vulnerability could allow a remote attacker to execute arbitrary code on a system with an unpatched installation of WinZip 10.0 if the user was to visit a malicious web page. While there are no known exploits as of this announcement, WinZip 10.0 users are strongly urged to update to build 7245, due to the critical nature of the vulnerability. WinZip 10.0 build 7245 is available free of charge to all registered users of WinZip 10.0 Standard and Pro. Previous versions of WinZip are not affected by this vulnerability," WinZip Computing said in the security advisory.
To fix the flaw, the developers released WinZip 10.0 build 7245 entitled as a critical update for all users of WinZip 10.0.
WinZip is one of the most popular compression programs that can be found on the internet, handling most formats of archives and using powerful features that allow total control over an archive. It can be downloaded from Softpedia as a 21 days trial.