Casa > cibernético Notícias > CVE-2018-10115 Affects All 7-Zip Versions Prior to 18.05
CYBER NEWS

CVE-2018-10115 afeta todas as versões 7-Zip anteriores à 18.05

CVE-2018-10115 é o identificador da vulnerabilidade de segurança mais recente descoberta no 7-Zip que afeta todas as versões do programa anteriores a 18.05.

More about 7-Zip

7-Zip is a free open-source archiver with a high compression ratio. The program is under the License of GNU LGPL & BSD 3-clause and can be used both by home and enterprise users. “You can use 7-Zip on any computer, including a computer in a commercial organization. You don’t need to register or pay for 7-Zip,” its website diz.

Story relacionado: 7-Zip e os perigos não tão ocultos das falhas CVE-2016-2335

7-Zip has been around for almost two decades since its initial release in 1999. Its last stable release was on April 30, 2018, which is 7-Zip version 18.05.

More about CVE-2018-10115

Here is the official description of the vulnerability:

Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.

Como mencionado, successful exploitation of this vulnerability could allow attackers to perform arbitrary code execution on vulnerable systems. Depending on the privileges associated with the user, an attacker could install programs; Visão, mudança, ou dados de exclusão; ou criar novas contas com direitos totais de usuário, CIS researchers disse.

Note that if you have configured to have fewer user rights on the system, you may be less impacted than those who operate with admin user rights.

The worst part is that CVE-2018-10115 affects all the versions of 7-Zip prior to its latest stable release, 18.05.

Quem está em risco? Large and small government entities are at high of exploitation, as well as small, medium and large businesses, and home users.

Felizmente, researchers say currently there are no reports of this vulnerability being exploited in the wild. Não obstante, counter measures should be taken.

Story relacionado: Vulnerabilidade uTorrent pode ser explorada por qualquer site

How to Counter CVE-2018-10115?

Researchers recommend the following actions:

  • Apply appropriate updates provided by 7-Zip to vulnerable systems, immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the Principle of Least Privilege to all systems and services.
Milena Dimitrova

Milena Dimitrova

Um escritor inspirado e gerente de conteúdo que está com SensorsTechForum desde o início do projeto. Um profissional com 10+ anos de experiência na criação de conteúdo envolvente. Focada na privacidade do usuário e desenvolvimento de malware, ela acredita fortemente em um mundo onde a segurança cibernética desempenha um papel central. Se o senso comum não faz sentido, ela vai estar lá para tomar notas. Essas notas podem mais tarde se transformar em artigos! Siga Milena @Milenyim

mais Posts

Me siga:
Twitter

Deixe um comentário

seu endereço de e-mail não será publicado. Campos obrigatórios são marcados *

Compartilhar no Facebook Compartilhar
Carregando...
Compartilhar no Twitter chilrear
Carregando...
Compartilhar no Google Plus Compartilhar
Carregando...
Partilhar no Linkedin Compartilhar
Carregando...
Compartilhar no Digg Compartilhar
Compartilhar no Reddit Compartilhar
Carregando...
Partilhar no StumbleUpon Compartilhar
Carregando...