WinZip this week warned users that its popular compression utility is vulnerable to a pair of buffer overflow-based attacks, and posted a new version to plug the holes.

The vulnerabilities could be used by hackers to compromise a WinZip-equipped PC and hijack the machine.

"WinZip was not aware that any of these vulnerabilities had been publicly described or exploited," the company said in an alert posted on its Web site. "However, WinZip recommends that all users upgrade to WinZip 9.0 SR-1 to avoid the possibility of future exploitation of these vulnerabilities."

Danish security firm Secunia rated the flaw as "highly critical," and said the vulnerabilities affected all version of WinZip as far back as v. 3.0.

The update, which can be downloaded free of charge by registered users from the company's site, also takes a page from Microsoft's Windows XP Service Pack 2 (SP2), and pops up cautions when users do potentially dangerous things, such as double-clicking an .exe file compressed within a Zip.

Numerous worms, including the most recent Bagle variant, have taken to packing their payloads in .zip files as a way to slip by defenses that block executable file attachments.