Compression Tool 7-Zip is vulnerable! CISCO Researcher said!

Are you a user of 7-Zip compression tool? Here is a bad news for you. This tool is vulnerable. According to a report of Jaeson Schultz (Security Researcher at CISCO), multiple vulnerabilities are present in this tool. These vulnerabilities are openly inviting hackers to gain the full control of infected systems. Jaeson said, Vendors of 7-Zip don’t know that the libraries used by them during the development of 7-Zip are vulnerable.

List of Vulnerabilities

CVE-2016-2335: Out of Bound Read Vulnerability

CVE-2016-2334: Heap Overflow Vulnerability

CVE-2016-2335

This vulnerability is present in the UDF (Universal Disk Format) files of 7-Zip. This vulnerability is depend on the file handling way, which 7 Zip is using to handle UDF files. Hackers could easily exploit this vulnerability by entering malicious codes into any entry. The entries of 7-Zip tool are handling requests in a format, which are used by hackers to design malwares.

CVE-2016-2334

According to Jaeson Schultz, another vulnerability is present in the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7-Zip tool. Jaeson said that by exploiting this vulnerability, hackers could get same privileges as user. A report has been sent by Jaeson to the developers of this open source tool and they are working to fix these security issues.This heap overflow vulnerability is working because the size of buffer is small as compared to block. Because the size of block is bigger, hacker could inject malicious codes in it. This could create the problem of Buffer Overflow.

Conclusion

7-Zip Tool is a very useful tool and it has a number of users. The developers of this open source are finding different ways to fix above security issues. An update has been released by 7-Zip. If you are a user of 7-Zip compression tool, please update it to its latest version 16.00. May be, 7-Zip team will release many more updates to completely fix above vulnerabilities.