WinZip 29.0 update fixes vulnerability
A vulnerability in WinZip allows attackers to inject arbitrary code using manipulated archives. The update to version 29.0 fixes it.
Boris Weber
IT security researchers have discovered a security vulnerability in the WinZip compression program. It allows attackers to trick victims into downloading malicious code using manipulated archives. When a victim opens a malicious website or a carefully prepared archive with WinZip, attackers can execute any code they want from the network.
IT researchers from Trend Micro's Zero-Day Initiative (ZDI) discovered the vulnerability and published a security advisory about it. The problem occurs when processing 7-Zip files (7z). It results from insufficient validation of user-supplied data, which makes it possible to write beyond the limits of an allocated memory area, as the IT researchers explain.
Zip, Zap, Oops: A Classic Case of Code Smuggling
The issue (CVE-2025-1240, CVSS 7.8, risk high) comes down to poor input validation when handling 7-Zip files. Basically, WinZip was not checking data properly, which let attackers write beyond allocated memory limits - a fancy way of saying they could hijack your computer faster than you could say "Why is my PC running so slow?".
And the best part? This little security nightmare was actually discovered back in September, but the corresponding security notice with a CVE entry was issued only a few days ago.
Good News: WinZip 29.0 Saves the Day
Before you start panic-deleting WinZip, there is hope! The newly released WinZip 29.0 patches this vulnerability, meaning no more unexpected hacker surprises when unzipping files. If you are still using an older version, maybe because you ignored the update notifier, now is the time to upgrade.
The updated packages are available for download on the WinZip download page and on the UpdateStar WinZip page. Anyone who has deactivated the software's update notifier or does not use it and is therefore still using an older version should update to the new version quickly.
Users can find more details about this update below and in the corresponding release notes.
What's New in WinZip 29
🚀 Crash Reports, Now with Less Mystery – If WinZip ever decides to take a nap mid-task, you can now send crash reports directly from the app. No need to scream into the void—we're listening!
⚡ Faster, Because Who Has Time to Wait? – We’ve shaved down WinZip's loading time, so you spend less time staring at a spinning wheel and more time getting things done.
🔄 Updates, Now Hassle-Free – Keeping WinZip up to date is easier than ever, so you do not have to jump through hoops to get the latest features and security fixes.
📦 Better Compression Support – RAR and 7-Zip files just got a performance boost, making your file-zipping and unzipping experience even smoother.
📧 Classier File-Sharing Emails – When you send files through WinZip, the emails will now look more polished and professional. No more outdated, clunky messages - just clean, clear communication.
About Author
Boris Weber
I am an editor at UpdateStar. I started as a support engineer, and am now specialized in writing about general software topics from a usability and performance angle among others. I telecommute from UpdateStar’s Berlin office, when I am not working remotely as a digital nomad for UpdateStar.