antonyMagnus7221 Posted June 2, 2022
7-Zip zero-day vulnerability grants privilege escalation | TechSpot
Needs to be addressed. OT and noticed this issue also exists with Wrye Bash.
Swampsta Posted June 3, 2022 (edited)
I'll second that.
rmm200 Posted June 3, 2022
I will be very interested to see the developer's take on this. While Vortex unpacks .zip files, I have seen no indication that Vortex installs 7-zip. There is not a local copy under any Vortex directory. I would be delighted to see you reproduce this vulnerability using Vortex. As I read it, the hacker would have to have console access and open Vortex's copy of 7-zip Help. I know of no way to do that... I don't think it even exists.
Guest deleted34304850 Posted June 3, 2022
you may want to direct this to the 7zip developers. unless tannin42 can hack his way into their codebase and fix it himself?
Pickysaurus Posted June 3, 2022
If this is an exploit in 7zip, surely it's reliant on the creators of 7zip fixing it and releasing a patch?
Tannin42 Posted June 3, 2022 (Solution)
The way I read the article, the security vulnerability is in the user interface of 7zip (7zFM.exe); we don't even use that. Vortex uses the 7z command line tool. EDIT: Reading further into it, the issue is disputed because it couldn't be reproduced and is now considered a hoax by many.
rmm200 Posted June 3, 2022
That was the developer's take I was hoping for. Thanks!
antonyMagnus7221 (Author) Posted June 5, 2022
Thanks for the replies. Still food for thought, seeing as how many vulnerabilities exist today it would be prudent for Vortex to remove the 7Zip program from its software and instead allow users to unpack the files with archive manager of choice, no? BTW I did notice this issue was brought up at the 7Zip dev webbie, no telling if they got the message. It is open source after all and looks to me like last update occurred before the vulnerability was discovered. Also using Kaspersky vulnerability checker indicates the problem is still found with Wrye Bash and Vortex. Just an FYI.
rmm200 Posted June 5, 2022
I confirm that Kaspersky flags it as a vulnerability:
C:\Program Files\Black Tree Gaming Ltd\Vortex\resources\app.asar.unpacked\node_modules\7z-bin\win32\7z.exe
And it really does not like Adobe. Flagged a good dozen of their products for Java and Flash.
Guest deleted34304850 Posted June 5, 2022
> Thanks for the replies. Still food for thought, seeing as how many vulnerabilities exist today it would be prudent for Vortex to remove the 7Zip program from its software and instead allow users to unpack the files with archive manager of choice, no? BTW I did notice this issue was brought up at the 7Zip dev webbie, no telling if they got the message. It is open source after all and looks to me like last update occurred before the vulnerability was discovered. Also using Kaspersky vulnerability checker indicates the problem is still found with Wrye Bash and Vortex. Just an FYI.
no, that's nonsense.