Chris Mosby (myITforum): National Vulnerability Database (CVE-2007-0264) - Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1
Vulnerability Summary CVE-2007-0264 Original release date: 1/16/2007 Last revised: 1/17/2007 Source: US-CERT/NIST Overview Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long command line argument. NOTE: this issue may cross privilege boundaries if an application automatically invokes Winzip32.exe for untrusted input filenames, as in the case of a file upload application. NOTE: The provenance...(read more)
Link to National Vulnerability Database (CVE-2007-0264) - Buffer overflow in Winzip32.exe in WinZip 9.0 SR-1