KLA11190
Multiple vulnerabilities in 7-Zip
Обновлено: 05/02/2018
CVSS
7.5
Дата обнаружения
30/01/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in 7-Zip. Malicious users can exploit these vulnerabilities to cause denial of service and possibly to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Memory corruption vulnerabilities in RAR3 handler can be exploited remotely via specially crafted RAR archive to cause denial of service and possibly to execute arbitrary code;
  2. A heap-based buffer overflow in the NCompress::NShrink::CDecoder::CodeReal method can be exploited remotely via specially crafted ZIP archive to cause denial of service and possibly to execute arbitrary code
Пораженные продукты

7-Zip earlier than 18.01

Решение

Update to the latest version
Download 7-Zip

Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
7-Zip
CVE-IDS

CVE-2018-5996
CVE-2017-17969