A number of critical security flaws have been found in the popular file compression tool WinZip, according to the company itself and other third-party security researchers. Vulnerabilities found in program versions 3.x, 6.x, 7.x, 8.x and 9.x could allow an attacker to execute malicious code on a Windows PC.
While no exploits are known to be circulating, the wide deployment of WinZip makes the vulnerabilities important to patch immediately, WinZip said. Users of older WinZip versions must upgrade to version 9.x in order to get the fix, which is contained in WinZip 9.0 Service Release 1 (SR1). "WinZip Computing recommends that all WinZip users upgrade to WinZip 9.0 SR1 to avoid the possibility of future exploitation of these vulnerabilities," the company said. The update can be found on WinZip's site.