The FastStone image viewer <http://www.faststone.org/> (and most probably other FastStone products too) contains a 3rd party ZipDll.dll 1.6.0.0 dated 2001-10-28. This DLL was originally written by Chris Vleghert and Eric W. Engler, based on InfoZIPs <http://infozip.org> code from 2000. It is but vulnerable and completely outdated: the current version of the successor <http://dll.delphizip.org/> is 1.90, the oldest version (1.78.7.3) listed there is from July 2005, almost 4 years newer than the DLL distributed with the Faststone image viewer. According to <http://infozip.org/FAQ.html#corruption> all versions of ZIP prior to 2.31 (November 2004) and UnZIP prior to 5.52 (February/March 2005) are vulnerable. Vendor was informed via <http://www.faststone.org/contactUs.htm>, but did not respond at all! Stefan Kanthak PS: Tools like Secunia's PSI don't detect such outdated and vulnerable DLLs/components, so: user beware!
