May 4, 2018

Big Vulnerability hits 7-Zip file archiver

"If you use, you can and should download v18.05 of the popular 7-Zip file archiver. The free to use WinZip replacement has a very critical vulnerability for which all it needed was a specially prepped RAR file.

This has been addressed with the release of has been fixed with v18.05, I am highlighting this new v18.05 release this much as this is a pretty bad one as it allows remote execution, based on just a RAR file. The security researcher ( who discovered the vulnerability informed the developer of 7-Zip on the 6th of March this year. It has patched with the release of 7-Zip 18.05, which not only fixes the vulnerability but also adds ASLR security measures."

No comments: