From cybersguards.com
In the course of searching for WinZip network communications changes, the experts noticed that through the unsecured tcp, the WinZip archiver was vulnerable to many attacks. By granting a rogue “update,” any threat attacker will easily manipulate this.
Currently, WinZip is version 25, but soon after it is released, search the server for changes over an unencrypted connection, a flaw that could be abused by an agent who is ill-disposed. It also occurred that like the username and registration code, the registration data was transmitted via http.