Multiple Vulnerabilities in 7-Zip Could Allow for Arbitrary Code Execution

ky331 · January 30, 2018, 10:08:20 PM

https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-7-zip-could-allow-for-arbitrary-code-execution_2018-009/

Multiple vulnerabilities have been discovered in 7-Zip [a free and open-source file archiver] the most severe of which could allow for arbitrary code execution.

7-Zip versions prior to 18.00 are affected. Users should apply appropriate updates provided by 7-Zip to vulnerable systems.

The current version is 18.01, available from http://www.7-zip.org/

Aaron Hulett · January 30, 2018, 10:32:49 PM

Thanks.

Wish it had an update notification *anything* in the app.

Digerati · January 31, 2018, 05:04:14 PM

Wow, my version was from 2016.

But >:( when I installed the newest version. It says it requires a system restart. That seems a bit extreme and archaic to me.

ky331 · January 31, 2018, 05:17:38 PM

Wow, my version was from 2016.

That's because all the 2017 releases were Beta http://www.7-zip.org/history.txt

Aaron Hulett · January 31, 2018, 05:29:01 PM

Quote from: Digerati on January 31, 2018, 05:04:14 PM
It says it requires a system restart. That seems a bit extreme and archaic to me.

I didn't exactly enjoy that either. I'm guessing it's for right-click integration (so you can right-click a file and get 7-zip options on it like expand an archive and such), and rather than close the shell (explorer) and relaunch, go for the restart.

Pure guessing.

Digerati · January 31, 2018, 07:07:26 PM

QuoteI'm guessing it's for right-click integration (so you can right-click a file and get 7-zip options on it like expand an archive and such), and rather than close the shell (explorer) and relaunch, go for the restart.

Pure guessing.

I am sure that is right but I had that option disabled in the previous installation and this new version enabled them again. IMO, it should have honored my previous setup configurations.

To make it a bit more frustrating, the new version would not allow me to disable those features even though they clearly are listed in Tool > Options > 7-Zip menu. It said I did not have permission to make those changes when I clicked "Apply". I had to exit 7-Zip and start it again but this time, using the "Run as administrator" option. My user is an admin and I didn't have to run with that option installing. So not happy about that either.

I miss the old WinZip but I stopped using that years ago when they went to paid versions only.

Digerati · January 31, 2018, 07:30:46 PM

QuoteThat's because all the 2017 releases were Beta

I may also be because I rarely use it anymore. Windows 10 supports zip files natively.

Corrine · January 31, 2018, 08:44:14 PM

With Windows 10, why is a third-party program needed for extracting zipped files?

techie · January 31, 2018, 10:33:18 PM

Quote from: Corrine on January 31, 2018, 08:44:14 PM
With Windows 10, why is a third-party program needed for extracting zipped files?

I pretty much just use the built in version. 7zip really didn't seem to be user friendly.

I use peazip if I need to compile something into a zip file.

http://www.peazip.org/

plodr · February 01, 2018, 03:38:01 PM

I get rar files so that's why I installed 7zip. I stopped buying WinRAR years ago.

7zip also allows you to password protect a file when you zip it. That comes in handy when I send someone something sensitive that I don't want everyone to have access to.

So some of us need a bit more than Windows inbuilt utility at times. :)

Aaron Hulett · February 01, 2018, 04:45:51 PM

Quote from: Corrine on January 31, 2018, 08:44:14 PM
With Windows 10, why is a third-party program needed for extracting zipped files?

Right-click | Extract to <folder named after the filename>

Faster than the built-in wizard.

Digerati · February 01, 2018, 04:50:24 PM

Quote7zip also allows you to password protect a file when you zip it.

That's true - though for me personally, I cannot remember last time I needed to do that. So the basic compression utility built into Windows is good enough for me.