Slashdot Mirror


Dangerous 7-Zip Vulnerabilities Flow To Top Security, Software Tools (theregister.co.uk)

mask.of.sanity quotes a report from The Register: Some of the world's biggest security and software vendors will be rushing to patch holes in implementations of the popular 7-Zip compression tool to stop attackers gaining full control of customer machines. Marcin Noga, Cisco security researcher, found and reported the holes to the platform, which could allow attackers to compromise updated machines, giving attackers the same access rights as logged-in users. FireEye and MalwareBytes are two of many products that use 7-Zip. "An out-of-bounds read vulnerability exists in the way 7-Zip handles Universal Disk Format files ... [which] can be triggered by any entry that contains a malformed Long Allocation Descriptor," Colleague of The Register Jaeson Schultz said. The flaws were fixed in 7-Zip 16.00, which was released Tuesday.

3 of 109 comments

  1. Re:Big pile of mess to clean up by 110010001000 · Score: 5, Funny

    "catched it"? Your spell checker should have caught that one.

  2. Re: Big pile of mess to clean up by viperidaenz · Score: 3, Funny

    Or Parsey McParseface

  3. Re:"user permissions" != "full control" by Insightfill · Score: 3, Funny

    At least in any sane system, and Windows has started, a few decades late, to use sound OS design practices. So no, not "full control".

    I haven't had "full control" of my Windows computer in a while. Maybe I can use this 7zip vulnerability to get something back from this beast of Windows 10.