Author Topic: Multiple Vulnerabilities in 7-Zip Could Allow for Arbitrary Code Execution  (Read 3947 times)

0 Members and 1 Guest are viewing this topic.

Online ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 703
    • View Profile


https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-7-zip-could-allow-for-arbitrary-code-execution_2018-009/

Multiple vulnerabilities have been discovered in 7-Zip [a free and open-source file archiver] the most severe of which could allow for arbitrary code execution.

7-Zip versions prior to 18.00 are affected.  Users should apply appropriate updates provided by 7-Zip to vulnerable systems.

The current version is 18.01, available from http://www.7-zip.org/

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1458
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Thanks.

Wish it had an update notification *anything* in the app.

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1285
    • View Profile
Wow, my version was from 2016.

But  >:( when I installed the newest version. It says it requires a system restart. That seems a bit extreme and archaic to me.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Online ky331

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 703
    • View Profile
Wow, my version was from 2016.

That's because all the 2017 releases were Beta  http://www.7-zip.org/history.txt

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1458
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
It says it requires a system restart. That seems a bit extreme and archaic to me.
I didn't exactly enjoy that either. I'm guessing it's for right-click integration (so you can right-click a file and get 7-zip options on it like expand an archive and such), and rather than close the shell (explorer) and relaunch, go for the restart.

Pure guessing.

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1285
    • View Profile
Quote
I'm guessing it's for right-click integration (so you can right-click a file and get 7-zip options on it like expand an archive and such), and rather than close the shell (explorer) and relaunch, go for the restart.

Pure guessing.
I am sure that is right but I had that option disabled in the previous installation and this new version enabled them again. IMO, it should have honored my previous setup configurations.

To make it a bit more frustrating, the new version would not allow me to disable those features even though they clearly are listed in Tool > Options > 7-Zip menu. It said I did not have permission to make those changes when I clicked "Apply". I had to exit 7-Zip and start it again but this time, using the "Run as administrator" option. My user is an admin and I didn't have to run with that option installing. So not happy about that either.

I miss the old WinZip but I stopped using that years ago when they went to paid versions only.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1285
    • View Profile
Quote
That's because all the 2017 releases were Beta
I may also be because I rarely use it anymore. Windows 10 supports zip files natively.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 20791
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
With Windows 10, why is a third-party program needed for extracting zipped files?


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline techie

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 613
    • View Profile
With Windows 10, why is a third-party program needed for extracting zipped files?

I pretty much just use the built in version. 7zip really didn't seem to be user friendly.

I use peazip if I need to compile something into a zip file.

http://www.peazip.org/

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1422
    • View Profile
Re: Multiple Vulnerabilities in 7-Zip Could Allow for Arbitrary Code Execution
« Reply #9 on: February 01, 2018, 01:38:01 PM »
I get rar files so that's why I installed 7zip. I stopped buying WinRAR years ago.

7zip also allows you to password protect a file when you zip it. That comes in handy when I send someone something sensitive that I don't want everyone to have access to.

So some of us need a bit more than Windows inbuilt utility at times.  :)

Offline Aaron Hulett

  • Administrator
  • Hero Member
  • *****
  • Posts: 1458
  • Schrödinger's cat walks into a bar... and doesn't.
    • View Profile
    • My Site
Re: Multiple Vulnerabilities in 7-Zip Could Allow for Arbitrary Code Execution
« Reply #10 on: February 01, 2018, 02:45:51 PM »
With Windows 10, why is a third-party program needed for extracting zipped files?

Right-click | Extract to <folder named after the filename>

Faster than the built-in wizard.

Offline Digerati

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1285
    • View Profile
Re: Multiple Vulnerabilities in 7-Zip Could Allow for Arbitrary Code Execution
« Reply #11 on: February 01, 2018, 02:50:24 PM »
Quote
7zip also allows you to password protect a file when you zip it.
That's true - though for me personally, I cannot remember last time I needed to do that. So the basic compression utility built into Windows is good enough for me.
Bill (AFE7Ret)
Freedom is NOT Free!
2007 - 2018