Jump to content

nLite Security Advistory


yngdiego

Recommended Posts

I just installed the Secunia Personal Software Inspector and it found a problem with a file included with the latest nLite beta.

--Technical details

Technical details about this installation of 7-Zip 4.x, you can use this information to determine why the Secunia PSI detected the program and the security state of it.

Version Detected:

4.42.0.0

Installation Path:

c:\Program Files (x86)\nLite\7z.exe

The non-vulnerable version is 4.57. Please include the non-vulnerable version in the next release.

Link to comment
Share on other sites


all this means is that the one used by nlite, when the latest edition was created, included the older 7z version. As we all know these different versions are updated all the time. Not to worry. If you don't want the 7z included in nlite, I would assume you can either, uninstall nlite or 'replace' the older version of 7z with the newer version. Haven't tried the latter, but it should work.

hope this helps.

Link to comment
Share on other sites

  • 4 weeks later...

According to Secunia PSI (www.secunia.org), the latest version of nLite contains a vulnerability in the included 7-Zip Standalone Console Decompressor. Will this component be updated to include a version that doesn't have the known vulnerability?

Link to comment
Share on other sites

Can you explain that vulnerability ?

If the tool is only used to unpack trusted files, it doesn't matter much.

I'm not sure what the impact factor is of this vulnerability, details aren't disclosed on secunia.org. Just that "The vulnerability is reported in versions prior to version 4.5.7". My reasoning is that when it's easy to prevent running an unknown risk, why not do so (upgrade the 7-zip executable)?

Link to comment
Share on other sites

Merged those 2 topics.

This 7z exe is a special compile including stuff that is needed. Gonna see about updating it but this is so trivial, who cares if it is vulnerable, we just use it to decompress addons.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...