On September 25, 2008, WinZip® Computing released WinZip 11.2 SR-1, a critical update to all installations of WinZip 11. WinZip 11.2 SR-1 is a free upgrade for registered users of versions 11.0, 11.1 and 11.2.

This release addresses a security vulnerability that exists in one of the modules shipped with WinZip 11. This component is not a WinZip module but rather a Microsoft module that WinZip Computing shipped for the convenience of our Windows 2000 customers.

Upgrading to WinZip 11.2 SR-1 or WinZip 12.0 on Windows 2000 systems will replace the earlier gdiplus.dll with a newer version that is not subject to the security vulnerability.

Distribution files for WinZip version 11.0 included an earlier gdiplus.dll which was placed in the WinZip program folder without regard to operating system. Note, however, that the .DLL is only utilized by WinZip on Windows 2000 systems. Versions of WinZip prior to 11.0 are not affected by this security vulnerability. Upgrading to WinZip 11.2 SR-1 (Build 8261) or WinZip 12.0 will remove the earlier gdiplus.dll from the WinZip program folder on Windows XP or Vista systems.

On Windows XP or Vista, you may simply delete the file from the WinZip folder (if it exists).