Compression Tool 7-Zip Is Vulnerable, Cisco Researcher Says

 

 

Do you use the 7-Zip compression tool? There is bad news for you: the tool is vulnerable. According to a report by Jaeson Schultz, a security researcher at Cisco, it contains multiple vulnerabilities that could allow attackers to gain full control of affected systems. Jaeson said that the vendors of 7-Zip do not know that the libraries they used during the development of 7-Zip are vulnerable.

 

List of Vulnerabilities

  • CVE-2016-2335: Out-of-Bounds Read Vulnerability
  • CVE-2016-2334: Heap Overflow Vulnerability

 

CVE-2016-2335

This vulnerability is present in 7-Zip's handling of UDF (Universal Disk Format) files and depends on the way 7-Zip processes them. An attacker could exploit it by placing malicious code in an entry of such a file. 7-Zip processes these entries in a format that attackers can use when designing malware.

 

CVE-2016-2334

According to Jaeson Schultz, another vulnerability is present in the NArchive::NHfs::CHandler::ExtractZlibFile method of 7-Zip. Jaeson said that by exploiting this vulnerability, an attacker could gain the same privileges as the user. Jaeson has sent a report to the developers of this open-source tool, and they are working to fix these security issues. The heap overflow is possible because the buffer is smaller than the block. Because the block is larger, an attacker could inject malicious code into it, resulting in a buffer overflow.
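The buffer-versus-block check described above, as an added example that is not 7-Zip's code. It assumes a constructed length-prefixed block format rather than the real archive format, and every name in it (`extract_blocks`, `BLOCK_BUF_SIZE`, the sample arrays) is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_BUF_SIZE 16u /* constructed: capacity of the fixed working buffer */
enum { BLK_OK = 0, BLK_TRUNCATED = -1, BLK_TOO_LARGE = -2, BLK_OUT_FULL = -3, BLK_NO_MEM = -4 };

/* Constructed samples: each block is a 4-byte little-endian size, then data. */
const uint8_t SAMPLE_OK[]  = { 3,0,0,0, 'a','b','c',  2,0,0,0, 'd','e' };
const uint8_t SAMPLE_BIG[] = { 0x40,0,0,0, 'x','x','x','x' }; /* claims 64 bytes */

static uint32_t rd_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Copy each block through a fixed-size heap buffer into out. The block size is
 * read from the file, so it is attacker-controlled and checked before any copy. */
int extract_blocks(const uint8_t *in, size_t in_len,
                   uint8_t *out, size_t out_cap, size_t *out_len) {
    size_t pos = 0, written = 0;
    int rc = BLK_OK;
    uint8_t *buf = malloc(BLOCK_BUF_SIZE);
    if (buf == NULL) return BLK_NO_MEM;
    while (pos < in_len) {
        if (in_len - pos < 4) { rc = BLK_TRUNCATED; break; }
        uint32_t size = rd_le32(in + pos);
        pos += 4;
        /* Without this comparison a block larger than the buffer overflows it. */
        if (size > BLOCK_BUF_SIZE) { rc = BLK_TOO_LARGE; break; }
        if (size > in_len - pos) { rc = BLK_TRUNCATED; break; } /* data missing */
        if (size > out_cap - written) { rc = BLK_OUT_FULL; break; }
        memcpy(buf, in + pos, size); /* safe: size <= BLOCK_BUF_SIZE */
        memcpy(out + written, buf, size);
        pos += size;
        written += size;
    }
    free(buf);
    if (rc == BLK_OK) *out_len = written;
    return rc;
}

/* Returns bytes extracted (>= 0) or a negative BLK_* error for a sample. */
int run_sample(const uint8_t *in, size_t in_len) {
    uint8_t out[64];
    size_t n = 0;
    int rc = extract_blocks(in, in_len, out, sizeof out, &n);
    return rc == BLK_OK ? (int)n : rc;
}
```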

 


Conclusion

7-Zip is a very useful tool with a large number of users. The developers of this open-source tool are working on ways to fix the security issues above, and 7-Zip has released an update. If you use the 7-Zip compression tool, please update it to the latest version, 16.00. The 7-Zip team may release further updates to completely fix the above vulnerabilities.
