Recently, some security flaws were found in versions 3.x, 6.x, 7.x, 8.x and 9.x of Winzip which could allow an attacker to execute malicious code on a Windows PC. Now, Winzip have made a fix available which will plug the flaw in the way WinZip handles command line inputs. This fix is contained in WinZip 9.0 Service Release 1 (SR-1). The service pack also contains other security enhancements, such as if a user double-clicks on an .exe file compressed within a Zip file, WinZip will warn that the compressed file could contain a virus.
Winzip recommends on its Web site that all users upgrade to version 9 to get the fix at no cost.