claykin Posted July 19, 2008 Posted July 19, 2008 According to Secunia PSI scanner, the version of 7-zip (V4.4.2) you are using with the current Nlite is insecure. Here is the link describing the vulnerability:http://secunia.com/advisories/29434/
jaclaz Posted July 19, 2008 Posted July 19, 2008 (edited) Hmmm, not really documented :Description:A vulnerability with unknown impact has been reported in 7-zip.The vulnerability is caused due to unspecified errors. No further information is currently available.Reading the referred article:http://www.ee.oulu.fi/research/ouspg/proto...ng/c10/archive/It is clear that it is aimed to find vulnerabilitios in parsers of Unix Anti-virus apps when parsing files compressed in common archive formats.There is no evidence of a specific 7-zip vulnerability, as far as I can see, if not a reference to a prior, known one:http://xforce.iss.net/xforce/xfdb/22396that was however limited to the .arj format.The other cited article:https://www.cert.fi/haavoittuvuudet/joint-a...ve-formats.htmldoes specify a 7-zip vulnerability, if I get it right in the way it handles errors due to a mal-formed archive, so you need a mal-formed archive as well.Thanks for the heads up , but I don't think I will lose my sleep tonight for this. jaclaz Edited July 19, 2008 by jaclaz
bledd Posted July 19, 2008 Posted July 19, 2008 even if it has a vulnerability, it makes no difference, it's just working with the nlite stuff
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now