CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 30th, 2008

Gdiplus.dll Vulnerability In WinZip Fixed In Version 11.2 SR-1

WinZip Computing released WinZip 11.2 SR-1 on September 25 with a critical update to all installations of WinZip 11. The release addresses a security vulnerability that exists in one of the modules shipped with WinZip 11. This component is not a WinZip module but rather a Microsoft module that WinZip Computing shipped for the convenience of our Windows 2000 customers.

Distribution files for WinZip versions 11.1 and 11.2 included an earlier gdiplus.dll which was placed in the WinZip program folder for Windows 2000 systems only. Other operating systems are not affected by these installations. Upgrading to WinZip 11.2 SR-1 or WinZip 12.0 on Windows 2000 systems will replace the earlier gdiplus.dll with a newer version that is not subject to the security vulnerability.

Versions of WinZip prior to 11.0 (10.0 or earlier) are not affected by this security vulnerability. Upgrading to WinZip 11.2 SR-1 (Build 8261) or WinZip 12.0 will remove the earlier gdiplus.dll from the WinZip program folder on Windows XP or Vista systems. On Windows XP or Vista, it is possible to delete the file from the WinZip folder (if it exists).

WinZip 11.2 SR-1 can be downloaded and installed over existing WinZip 11 installation. In order to preserve your existing WinZip registration information, do not uninstall your current WinZip 11 before installing this new version of WinZip 11.

Users should review the WinZip 11.2 SR-1 release notes and apply any necessary updates to help mitigate the risks.

Share this item with others:

More on CyberInsecure:
  • JavaScript Bug Patched By Mozilla In Firefox 2.0.0.14
  • XSS Flaw Fixed In Latest WordPress 2.6.5
  • Firefox Update Patch 9 Security Vulnberabilities, 4 Rated Critical
  • Record Number Of Vulnerabilities Fixed In Microsoft’s Patch Tuesday
  • XSS Worm At Justin.tv Affects 2525 Profiles

    • Posted in Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Tuesday, September 30th, 2008 at 4:09 pm and is filed under Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Gdiplus.dll Vulnerability In WinZip Fixed In Version 11.2 SR-1

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »