Saturday 10 February 2018, Poradnik bezpieczeństwa

Dangerous security flaws revealed in 7-Zip

Lost24

According to security experts at Cisco Talos, 7-Zip, a popular open source file compression program that supports all major compression formats, contains two dangerous vulnerabilities.

The first security flaw was found in the code that handles Universal Disk Format (UDF) files. If exploited, it could allow attackers to execute malicious code remotely.

The second security flaw is an exploitable heap overflow vulnerability that could allow attackers to compromise updated machines, giving them the same access rights as the logged-in user.

Igor Pavlov, the developer of 7-Zip, has confirmed that both vulnerabilities have been fixed in the newest version of his popular software. However, many third-party programs make use of 7-Zip's libraries. If those programs use functions from versions earlier than 7-Zip 18.0, they are also vulnerable to these attacks.

What makes this particularly problematic is that there is no master list of programs that use 7-Zip for compression functionality. Therefore, if you develop programs that use the 7-Zip libraries, you should make changes immediately.