Late last year, landave, a self-described “Computer Science student enjoying cryptography, reverse engineering, and other information security topics,” discovered two startling security holes in 7-Zip, a free zip program I’ve recommended for years. The bugs are subtle and, as best as I can tell, have never been leveraged in the wild. But that’s going to change as landave’s analysis reaches the mainstream.

Details of the bugs have to do with 7-Zip memory corruption, made worse by not running ASLR and DEP, and a heap buffer overflow in the shrink routine. Landave applied for, and received, a MITRE number for the latter, CVE-2017-17969.

There’s been a lot of back and forth about the bugs, but the upshot is that 7-Zip’s creator, Igor Pavlov, released a new version of 7-Zip, version 18.01, on Jan.

If you use 7-Zip, you can see which version you’re running by starting 7-Zip and clicking on Help > About 7-Zip. Bottom line: If you haven’t updated 7-Zip in the past few days, get off your tail and do it now.