Critical Security Vulnerability Affects All the Versions of 7-Zip Prior to 18.05

7-Zip is a free open source archiver with a high compression ratio. It is under the License of GNU LGPL & BSD 3-clause and can be used in any computers, including computers in the commercial organization.

The software is in use for more than 18 years its initial release was on 18 July 1999 and the last stable release on April 30, 2018, version 18.05.

A critical arbitrary code execution vulnerability discovered in 7-Zip affects all the versions of the software prior to 18.05.

By exploiting this vulnerability attackers could gain full access associated with the user profile and they can install view, change, or delete data; or create new accounts with full user rights.

Admin user accounts will be highly impacted by this vulnerability and the low privileged users are less impacted.

According to Center of Security threat intelligence “There are currently no reports of this vulnerability being exploited in the wild”.

The vulnerability is due to lack of address space layout randomization (ASLR) on the main executables (7zFM.exe, 7zG.exe, 7z.exe) which cause memory corruptions that lead to arbitrary code execution (CVE-2018-10115).


  • Update 7-Zip to the latest version 18.05.
  • Running the software as a non-privileged user.
  • Apply minimal privilege to all systems and services.
Guru Baran

Guru is an Ex-Security Engineer at Comodo Cybersecurity. Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Burp Suite 2023.6 Released – What’s New!

PortSwigger released a brand-new version of Burp Suite 2023.6 that is intended for both Professional…

16 hours ago

North Korean Hackers Mimic Journalists To Steal Credentials From Organizations

The North Korean APT group Kimsuky has been running a social engineering operation that targets experts…

1 day ago

Over 60,000 Android Apps Silently Install Malware on Devices

Recently, cybersecurity researchers uncovered that over 60,000 Android applications had been stealthily disguised as genuine…

1 day ago

Google Chrome Zero-Day Vulnerability Exploited Widely – Urgent Update

Google has recently taken prompt security measures by releasing a security update for its Chrome…

2 days ago

MOVEit Hack – BBC, British Airways Employees Contact and Financial Data Exposed

A major MOVEit Hack has impacted many businesses, notably the BBC, British Airways, Boots, and…

2 days ago

10 Best Vulnerability Scanner Tools For Penetration Testing – 2023

A Vulnerability Scanner Tools is one of the essential tools in IT departments Since vulnerabilities…

2 days ago