KLA10915
Arbitrary code execution vulnerability in 7-Zip
Updated: 06/17/2019
Detect date
?
12/16/2016
Severity
?
Critical
Description

A heap-based-overflow was found in 7-Zip before 16.00. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed HFS+ image.


Technical details

Vulnerability occurs in method NArchive::NHfs::CHandler::ExtractZlibFile.

Affected products

7-Zip before 16.00

Solution

Update to the latest version
Download 7-Zip

Impacts
?
ACE 
[?]
CVE-IDS
?
CVE-2016-23349.3Critical