"If you use, you can and should download v18.05 of the popular 7-Zip file archiver. The free to use WinZip replacement has a very critical vulnerability for which all it needed was a specially prepped RAR file.
This has been addressed with the release of has been fixed with v18.05, I am highlighting this new v18.05 release this much as this is a pretty bad one as it allows remote execution, based on just a RAR file. The security researcher (landave.io) who discovered the vulnerability informed the developer of 7-Zip on the 6th of March this year. It has patched with the release of 7-Zip 18.05, which not only fixes the vulnerability but also adds ASLR security measures."
http://www.guru3d.com/news-story/big-vulnerability-hits-7-zip-file-archiver-gets-patched-download-v18-05.html
https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
No comments:
Post a Comment