We recently discussed a vulnerability in 7-Zip that could allow an attacker to run applications with administrator permissions. However, further investigation suggests that it might not be as serious as believed, or might not even be real, especially given that the entry is disputed in the CVE database. The self-proclaimed hacker who found it was not as helpful as he could have been, finally explaining that he doesn't want to reveal the vulnerability details in full for financial reasons.
The developer of 7-Zip, given the limited information provided and the bad attitude of the hacker who reported the problem, simply closed the report on SourceForge. You'll probably figure out the problem on your own from the steps provided, but keep in mind that the lack of help is because this vulnerability is for sale and in use, definitely something to watch out for.
In any case, the attack vector is easy to avoid, although the mitigations are even simpler: until there is an update, we can remove write permissions from the application, leaving only read and execute, or, alternatively, delete the 7-zip.chm file.
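The two mitigations above can be checked with a short PowerShell script. This is an added example, not code from the article or the 7-Zip project; it assumes the default install directory under Program Files, only reports permissions that go beyond read and execute rather than changing them, and deletes 7-zip.chm only when asked.

```powershell
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: default install location; pass -InstallDir if 7-Zip lives elsewhere.
    [string]$InstallDir = (Join-Path $env:ProgramFiles '7-Zip'),
    [switch]$RemoveHelpFile
)

if (-not (Test-Path -LiteralPath $InstallDir -PathType Container)) {
    Write-Error "7-Zip directory not found: $InstallDir"
    return
}

# Rights beyond read and execute: anything that lets a principal alter the install.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Some ACEs carry raw generic bits instead: GENERIC_ALL (0x10000000), GENERIC_WRITE (0x40000000).
$genericMask = 0x50000000

# Mitigation 1 (audit only): list every Allow entry that grants more than read/execute.
$writable = (Get-Acl -LiteralPath $InstallDir).Access | Where-Object {
    $rights = [int]$_.FileSystemRights
    $_.AccessControlType -eq 'Allow' -and
        ((($rights -band $writeMask) -ne 0) -or (($rights -band $genericMask) -ne 0))
}

if ($writable) {
    Write-Warning "Principals with more than read/execute on ${InstallDir}:"
    $writable | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "Only read/execute access is granted on $InstallDir."
}

# Mitigation 2: the help file named in the article.
$chm = Join-Path $InstallDir '7-zip.chm'
if (-not (Test-Path -LiteralPath $chm -PathType Leaf)) {
    Write-Output "Help file already absent: $chm"
} elseif ($RemoveHelpFile -and $PSCmdlet.ShouldProcess($chm, 'Delete help file')) {
    Remove-Item -LiteralPath $chm -Force
    Write-Output "Deleted $chm"
} else {
    Write-Output "Help file present: $chm (re-run elevated with -RemoveHelpFile to delete it)"
}
```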
Avid technology and electronics enthusiast. I’ve been messing around with computer components almost since I could walk. I started working at Geeknetic after winning a contest on their forum about writing hardware articles. Drift, mechanics and photography lover. Feel free to leave a comment on my articles if you have any questions.