HackDig : Dig high-quality web security articles for hackers

«No Previous
No Next

Code Execution Vulnerabilities In 7zip

2016-05-17 22:50
Just karma whoring here, since I noticed the announcement and figured
the news needs to spread. Cisco Talis discovered a number of bugs in
7zip versions prior to 16.00, some of which lead to arbitrary code
execution when processing certain malformed archives:


Versions from 9.20 to 15.00 are said to contain some or all of the bugs.

The comment stream in the 2nd link contains this remark:

"By default 7zip will pass inputs through all of its decompression
routines so blocking certain extensions will not work unless you also
pass a command line argument that specifies the parser to use. These
bugs will trigger with a malformed UDF/HFS file with a .zip extension
unless the added command line argument is used."

Upgrading to 7zip V16.00 ("as soon as possible") is said to fix the

The official 7zip changelog at http://www.7-zip.org/history.txt for
16.00 just says "Some bugs were fixed".

Cloud so convenient
Service provider not bright
All the files are gone

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 94/yaM/6102/erusolcsidlluf/gro.stsilces

Read:2775 | Comments:0 | Tags:No Tag

“Code Execution Vulnerabilities In 7zip”0 Comments

Submit A Comment



Blog :

Verification Code:


Tag Cloud