Can a zip file be executable?

Solution 1:

Theoretically, some tools for uncompressing zip files may have vulnerabilities that can lead to code execution. However, it is really unlikely that this is your case. Uncompressing tools for your programming language probably don’t have such vulnerabilities, and if the web server is running a UNIX-like operating system (e.g. Linux), Windows viruses are not going to be executed anyway.

But you should also check each file path when extracting files from a zip archive, as it can be an absolute path or a path with .. (two dots) components, if the uncompressing library does not check this by default (for example, Python’s zipfile module did not until Python 2.7.4 was released). Otherwise files can be extracted to a different location on your disk.

Solution 2:

A zip might cause some trouble while you are trying to unzip it:

http://en.wikipedia.org/wiki/Zip_bomb
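
An added example, not code from either answer: one extraction routine that applies the path check from Solution 1 and caps decompressed output against the zip bomb case from Solution 2. The names `safe_extract`, `check_name`, `build_zip`, `UnsafeArchive` and the 50 MiB budget are assumptions made for this sketch.

```python
import io
import os
import zipfile

class UnsafeArchive(Exception):
    """Raised when an archive fails a check."""

def build_zip(entries):
    """Constructed sample input: an in-memory zip built from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf

def check_name(dest_root, filename):
    """Return the resolved target path, or raise if it would leave dest_root."""
    name = filename.replace("\\", "/")
    # Reject absolute paths and drive-letter style names (conservative).
    if name.startswith("/") or name[1:2] == ":":
        raise UnsafeArchive("absolute path: %r" % filename)
    if ".." in name.split("/"):
        raise UnsafeArchive("'..' component: %r" % filename)
    # realpath also catches a pre-existing symlink that points outside.
    target = os.path.realpath(os.path.join(dest_root, name))
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise UnsafeArchive("escapes destination: %r" % filename)
    return target

def safe_extract(source, dest_dir, max_total=50 * 1024 * 1024):
    """Extract source into dest_dir; max_total is an assumed byte budget."""
    dest_root = os.path.realpath(dest_dir)
    written, extracted = 0, []
    with zipfile.ZipFile(source) as zf:
        # Validate every member name before anything is written to disk.
        targets = [(i, check_name(dest_root, i.filename)) for i in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Count bytes as they are decompressed and stop at the budget.
            with zf.open(info) as src, open(target, "wb") as dst:
                for chunk in iter(lambda: src.read(65536), b""):
                    written += len(chunk)
                    if written > max_total:
                        raise UnsafeArchive("uncompressed size over limit")
                    dst.write(chunk)
            extracted.append(info.filename)
    return extracted
```

When the size limit trips, the partially written file is left in `dest_dir`; extract into a scratch directory and delete it on failure.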