Critical security bug found in 7-Zip
7-Zip has released a patch for a critical security bug (CVE-2018-10115) in the code it uses to handle RAR archives, Sophos reported.
The security researcher who found the bug, and developed a working exploit for it, has subsequently published his findings.
According to the researcher, several variables in the UnRAR code that 7-Zip uses for RAR decoding were read before they had been initialised, so a specially crafted RAR archive could steer the decoder into running attacker-supplied code carried in the data part of the file.
Building a working exploit was easier than it could have been, because 7-Zip was built without support for address space layout randomisation (ASLR).
This means the 7-Zip executables were loaded at the same memory addresses every time, so an attacker could predict where particular fragments of executable code would sit and reuse them; with ASLR in place, the same bug would also have required an information leak to locate that code.
7-Zip has patched the uninitialised variable vulnerability and enabled ASLR. Both fixes are included in 7-Zip version 18.05 and later, so users should upgrade to that version or newer.
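Whether a given Windows binary actually opts into ASLR can be read straight from its PE header: the linker's /DYNAMICBASE setting becomes the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040) in the optional header's DllCharacteristics field, and it is only effective if the image still carries its relocations (the IMAGE_FILE_RELOCS_STRIPPED bit in the COFF header must be clear). The following checker is an added example, not code from the page, Sophos, the researcher or the 7-Zip project; the function names, the `aslr_status` result dictionary and the minimal in-memory PE headers that `build_test_image` constructs for offline testing are all assumptions made here, and the example does not assert anything about the flags in any particular 7-Zip build.

```python
"""Read the ASLR-related flags out of a Windows PE image.

Added example (not 7-Zip's, Sophos's or the researcher's code). Offsets follow
the PE/COFF specification: DOS header -> e_lfanew at 0x3C, "PE\0\0" signature,
20-byte COFF header, then the optional header, whose Subsystem and
DllCharacteristics fields sit at offsets 68 and 70 for both PE32 and PE32+.
"""
import struct
import sys

# COFF header Characteristics bit
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
# Optional header DllCharacteristics bits
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA = 0x0020   # 64-bit ASLR
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040      # /DYNAMICBASE
PE32_MAGIC = 0x10B
PE32PLUS_MAGIC = 0x20B
COFF_HEADER_SIZE = 20
DLLCHARS_OFFSET = 70        # from the start of the optional header


def aslr_status(image: bytes) -> dict:
    """Parse the PE headers in `image` and report the ASLR-relevant flags."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")

    coff = e_lfanew + 4
    (machine, _nsections, _stamp, _symtab, _nsyms,
     opt_size, characteristics) = struct.unpack_from("<HHIIIHH", image, coff)

    opt = coff + COFF_HEADER_SIZE
    if opt_size < DLLCHARS_OFFSET + 2:
        raise ValueError("optional header too short to hold DllCharacteristics")
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (PE32_MAGIC, PE32PLUS_MAGIC):
        raise ValueError("unknown optional header magic 0x%x" % magic)
    subsystem, dllchars = struct.unpack_from("<HH", image, opt + 68)

    dynamic_base = bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "machine": machine,
        "pe32plus": magic == PE32PLUS_MAGIC,
        "subsystem": subsystem,
        "dynamic_base": dynamic_base,
        "high_entropy_va": bool(dllchars & IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE without relocation data cannot actually be relocated
        "aslr_effective": dynamic_base and not relocs_stripped,
    }


def aslr_status_from_file(path: str) -> dict:
    with open(path, "rb") as f:
        return aslr_status(f.read())


def build_test_image(pe32plus: bool, dllchars: int, characteristics: int = 0) -> bytes:
    """Constructed minimal PE header for offline testing (not a loadable image):
    DOS header, PE signature, COFF header and a zero-filled optional header with
    only Magic, Subsystem and DllCharacteristics set."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    magic = PE32PLUS_MAGIC if pe32plus else PE32_MAGIC
    opt_size = 240 if pe32plus else 224
    machine = 0x8664 if pe32plus else 0x14C
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, opt_size, characteristics)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<HH", opt, 68, 2, dllchars)   # Subsystem 2 = WINDOWS_GUI
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for p in sys.argv[1:]:
            print(p, aslr_status_from_file(p))
    else:
        # Demonstrate on constructed headers: no ASLR flag, full 64-bit ASLR,
        # and the misleading case of DYNAMIC_BASE with relocations stripped.
        print("no flag      :", aslr_status(build_test_image(False, 0)))
        print("dynbase+hev  :", aslr_status(build_test_image(
            True, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE | IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA)))
        print("relocs strip :", aslr_status(build_test_image(
            True, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_FILE_RELOCS_STRIPPED)))
```

Run it with one or more paths to real executables (for instance the 7-Zip binaries before and after the update) to see the flags for each; with no arguments it runs on the constructed headers. The `aslr_effective` field is the one to act on: a binary that sets DYNAMIC_BASE but has its relocation table stripped will still be loaded at its preferred base, which is the same situation the article describes.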