Jump to content

Malwarebytes and 7zip library

Malika4
 Share

Recommended Posts

Malika4

Malika4

Posted
Posted

Hi,

 

yesterday I read an article about 2 high vulnerabilities in the 7zip program:

  • Improper exception handling in 7-Zip’s RAR3 handler can cause heap or stack memory corruptions (CVE-2018-5996)
  • A heap buffer overflow vulnerability in 7-Zip’s shrink decoder. (CVE-2017-17969)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

It was released a new version 18.01 that removes the vulnerabilities.

So in Malwarebytes 3.3.1.2183 there are 2 7z.dll libraries and are from version 16.4.0  that has the 2 vulnerabilities so I would know is a risk? There will be from Malwarebytes an update of this 2 7z.dll?

 

Thanks

Link to post
Share on other sites
AlexSmith

AlexSmith

Posted
Posted

Hi @Malika4!!

Like you called out, the current release of Malwarebytes uses version 16.04 of the 7Zip DLL with CVE-2018-5996 and CVE-2017-17969. We are aware if this and are working on an updated release.

@jprism can you share some more info here?

Link to post
Share on other sites
  • Staff
jprism

jprism

Posted
  • Staff
Posted

Thanks, Alex.

We are planning to upgrade the 7zip version in the next MB3 release that should be out by the first week of February.  This fix will be included in the Beta of the next MB3 release, so if anyone wants it sooner, we advise to use the "Beta Application updates" found in the "Settings->Application" tab.

hope this helps.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.