Slammer64 Posted May 12, 2016
Apparently, 7-zip versions prior to 16.00 are vulnerable; it's recommended to upgrade to the new version 16.00.
Full story here: http://www.theregister.co.uk/2016/05/12/popular_zip_tool_7zip_pwned_pain_flows_to_top_security_software_tools/
New version here: http://www.7-zip.org/download.html
D_ManXX2 Posted May 12, 2016
If I install the new version, will it auto-remove the previous version, or do I uninstall the previous version first? I was still using 5.21; did not notice there were so many new versions after that. It was version 9.21; 5.21 was WinRAR.
Slammer64 (Author) Posted May 12, 2016
No, you'll need to remove the old version first.
Slammer64 (Author) Posted May 12, 2016
Not a problem C.C., since most of us here deal with mods in 7-zip format, I just thought I'd let the forum know.
spoonsinger Posted May 12, 2016
LOL, remotely logged into a client's PC to do the update because it's after hours and get a face full of porn. (I don't think they noticed I had logged in, so left quietly and it will never be mentioned. Will have to try again later though.)
Slammer64 (Author) Posted May 12, 2016
I've never had that happen to me, spoonsinger (yet), but I've got about 75 clients so it's a matter of time...
Pkatt Posted May 13, 2016
Oh wow, thanks for this heads up. I was on 9.2 from 2010, and it's one of those things that I installed and never thought to update.
Guest Posted May 13, 2016
Now this makes me think, could similar things happen to other file opening programs e.g. WINRAR?
27X Posted May 13, 2016
They have happened to similar programs. WinRAR has already had issues in the past.
bjornk Posted May 13, 2016
From what I understand these vulnerabilities basically involve UDF and HFS file extraction. I suppose you'll be fine if you don't extract those file types with 7zip.
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Slammer64 (Author) Posted May 13, 2016
I think better safe than sorry, bjornk. Especially now that the vulnerability is public, there will be those trying to take advantage of it.
bjornk Posted May 13, 2016
I somewhat agree on that, but keep in mind that a new version with many new features, which you may not even benefit from at all, means more potential future vulnerabilities, as proven by this case.
Mashi Posted May 13, 2016
This really isn't news. If you run vulnerable code in a privileged account setting, an attacker can exploit that and execute code under the same permissions. It's similar to the problem with email servers and insufficient sandboxing for attachment scanning.
lindazana Posted June 3, 2016
Thanks for the heads up! Didn't even know 7-zip could be exploited. Guh, now I need to check every other thing I have for updates x_x
darkconsole Posted June 3, 2016
MO2 has already updated to 16.02. I'm not sure if replacing 7z.dll in old MO will work or not. The one in old MO was 9.something. [Update] No, it doesn't work.
FastestDogInTheDistrict Posted June 4, 2016
I don't think I have 7-zip... there's no problem with WinRAR, right?