This is some real news. I use 7-Zip quite often. Being relatively new to the infosec community, I find it to be fun, and a learning challenge to keep up with any new exploits!
Release notes for version 18.05, 2018-04-30 include:
> CVE-2018-10115 - Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
7-Zip libraries are commonly used in third party applications, like… antivirus.
So, your antivirus can scan your .png files, try to uncompress them as rar (based on their content) and execute malicious code without you having even the slightest idea of what is happening.
I would not. It's not reasonable that a pure data viewer runs something. This is like saying viewing a script in notepad can run it and is expected to infect you. And for better or worse antiviruses use 7z dll to scan archives too.
Haha, that sourceforge 7zip "trailer" at the end was great. I wonder if anyone actually found that useful? Like, if they found the video, I assume they could have found and installed 7zip...
Websites put videos on pages because watcing a video increases tome on page, and time-on-page metrics that feed into automated advertising spend. The website needs nothing from the video besides you spending time playing it.
17 comments
[ 2.7 ms ] story [ 56.5 ms ] thread> CVE-2018-10115 - Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 and before can lead to usage of uninitialized memory, allowing remote attackers to cause a denial of service (segmentation fault) or execute arbitrary code via a crafted RAR archive.
Excellent article from the bug discoverer here: https://landave.io/2018/05/7-zip-from-uninitialized-memory-t...
Some good discussion in the linked HN discussion from a couple of days ago.
7-Zip infers filetype (by necessity in many cases), so any file that you open with 7-zip can trigger the problem.
People definitely would open: .zip, .7z, .gz, .xz, .iso, ...
So, your antivirus can scan your .png files, try to uncompress them as rar (based on their content) and execute malicious code without you having even the slightest idea of what is happening.
A similar thing is with ldd (I don't know if this still works and can't search or check right now): https://news.ycombinator.com/item?id=902958