Gdiplus.dll Vulnerability In WinZip Fixed In Version 11.2 SR-1
WinZip Computing released WinZip 11.2 SR-1 on September 25 with a critical update to all installations of WinZip 11. The release addresses a security vulnerability that exists in one of the modules shipped with WinZip 11. This component is not a WinZip module but rather a Microsoft module that WinZip Computing shipped for the convenience of our Windows 2000 customers.
Distribution files for WinZip versions 11.1 and 11.2 included an earlier gdiplus.dll which was placed in the WinZip program folder for Windows 2000 systems only. Other operating systems are not affected by these installations. Upgrading to WinZip 11.2 SR-1 or WinZip 12.0 on Windows 2000 systems will replace the earlier gdiplus.dll with a newer version that is not subject to the security vulnerability.
Versions of WinZip prior to 11.0 (10.0 or earlier) are not affected by this security vulnerability. Upgrading to WinZip 11.2 SR-1 (Build 8261) or WinZip 12.0 will remove the earlier gdiplus.dll from the WinZip program folder on Windows XP or Vista systems. On Windows XP or Vista, it is possible to delete the file from the WinZip folder (if it exists).
WinZip 11.2 SR-1 can be downloaded and installed over existing WinZip 11 installation. In order to preserve your existing WinZip registration information, do not uninstall your current WinZip 11 before installing this new version of WinZip 11.
Users should review the WinZip 11.2 SR-1 release notes and apply any necessary updates to help mitigate the risks.
More on CyberInsecure:
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.