7-Zip is a free open source archiver with a high compression ratio. It is under the License of GNU LGPL & BSD 3-clause and can be used in any computers, including computers in the commercial organization.
The software is in use for more than 18 years its initial release was on 18 July 1999 and the last stable release on April 30, 2018, version 18.05.
A critical arbitrary code execution vulnerability discovered in 7-Zip affects all the versions of the software prior to 18.05.
By exploiting this vulnerability attackers could gain full access associated with the user profile and they can install view, change, or delete data; or create new accounts with full user rights.
Admin user accounts will be highly impacted by this vulnerability and the low privileged users are less impacted.
According to Center of Security threat intelligence “There are currently no reports of this vulnerability being exploited in the wild”.
The vulnerability is due to lack of address space layout randomization (ASLR) on the main executables (7zFM.exe, 7zG.exe, 7z.exe) which cause memory corruptions that lead to arbitrary code execution (CVE-2018-10115).
A very important message from the Norwegian National Cyber Security Centre (NCSC) says that Secure Socket Layer/Transport Layer Security (SSL/TLS)…
Linux is widely used in numerous servers, cloud infrastructure, and Internet of Things devices, which makes it an attractive target…
ViperSoftX malware, known for stealing cryptocurrency information, now leverages Tesseract, an open-source OCR engine, to target infected systems, which extracts…
Santander has confirmed that there was a major data breach that affected its workers and customers in Spain, Uruguay, and…
The U.S. government has offered a prize of up to $5 million for information that leads to the arrest and…
Russia leverages a mix of state-backed Advanced Persistent Threat (APT) groups and financially motivated cybercriminals to achieve its strategic goals,…