The 7-Zip archive utility has been found to contain two flaws that can leave the security devices and antivirus products embedding it vulnerable to attack, researchers say.
7-Zip is an open source Windows utility that lets users and programmers create and manipulate archives with high compression ratios, reducing the size of files. It supports very large files and offers optional AES-256 encryption. Users can also choose whatever compression, conversion or encryption method they prefer.
Because the utility is free, it has attracted growing attention from both security experts and cyber criminals.
Multiple vendors, including FireEye, Malwarebytes and Comodo, have incorporated the 7-Zip library into their anti-virus products and components, according to various reports. Attackers have made use of it too: Nemucod, once a Trojan downloader distributed as a Zip file attachment, has been turned into functional ransomware that relies on 7-Zip to encrypt victims' files.
Cisco's Talos has discovered that 7-Zip contains further flaws that are more dangerous than the usual security vulnerability. Marcin Noga and Jaeson Schultz explained in a blog post that vulnerabilities of this kind may go unnoticed, because many developers and vendors are unaware that they are using the library at all. This is particularly concerning when the affected software is a security device or antivirus product. 7-Zip is supported on most major platforms, and users might be surprised to discover how many of their products are affected.
Cisco's Talos identified two specific flaws. The first is an out-of-bounds read vulnerability that exists because of the way 7-Zip handles the Universal Disk Format (UDF). An attacker can use this flaw to achieve arbitrary code execution.
The second flaw is a heap overflow vulnerability. It relates to how 7-Zip handles compressed files stored in a resource fork, which may be divided into parts. A missing check on those parts allows a malformed block size to cause heap corruption and a buffer overflow.
The researchers who found the flaws said that most security flaws of this kind stem from a failure to validate input data. Because data can come from all kinds of sources, validating input data is critically important to application security, they said.
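As an added illustration of that input-validation point (this is example code written for this article, not code from 7-Zip or from the Talos write-up), the following C snippet parses a constructed fork header whose block size and part count come from the archive, and refuses to allocate or copy anything until the declared sizes are consistent with each other and with the input actually available. The header layout, field names and size limit are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical header for a fork stored as num_parts blocks of block_size bytes.
 * Every field is read from the archive, so none of them can be trusted. */
typedef struct {
    uint32_t total_size;   /* declared size of the reassembled fork */
    uint32_t block_size;   /* size of each stored part */
    uint32_t num_parts;    /* how many parts make up the fork */
} fork_header_t;
enum { FORK_OK = 0, FORK_BAD_BLOCK = -1, FORK_TRUNCATED = -2, FORK_TOO_LARGE = -3 };
#define FORK_MAX_SIZE (64u * 1024u * 1024u)   /* arbitrary sanity limit for this example */
/* Reject inconsistent headers before any allocation or copy happens. */
int validate_fork_header(const fork_header_t *h, size_t input_len) {
    if (h->block_size == 0 || h->num_parts == 0) return FORK_BAD_BLOCK;
    if (h->total_size > FORK_MAX_SIZE) return FORK_TOO_LARGE;
    /* num_parts * block_size must fit in total_size; divide to avoid 32-bit overflow */
    if (h->block_size > h->total_size / h->num_parts) return FORK_BAD_BLOCK;
    /* the parts must actually be present in the input we were handed */
    if ((uint64_t)h->block_size * h->num_parts > input_len) return FORK_TRUNCATED;
    return FORK_OK;
}
/* Reassemble the parts into a heap buffer sized from the validated header. */
int read_fork(const fork_header_t *h, const uint8_t *in, size_t in_len,
              uint8_t **out, size_t *out_len) {
    int rc = validate_fork_header(h, in_len);
    if (rc != FORK_OK) return rc;
    uint8_t *buf = calloc(h->total_size, 1);
    if (!buf) return FORK_TOO_LARGE;
    size_t off = 0;
    for (uint32_t i = 0; i < h->num_parts; i++) {
        memcpy(buf + off, in + off, h->block_size);   /* bounded by the checks above */
        off += h->block_size;
    }
    *out = buf; *out_len = off;
    return FORK_OK;
}
/* Constructed sample: a 16-byte fork split into two 8-byte parts. Returns bytes read, 0 on error. */
size_t reassemble_sample(void) {
    uint8_t in[16]; memset(in, 0xAB, sizeof in);   /* constructed payload bytes */
    fork_header_t h = { 16, 8, 2 };
    uint8_t *out = NULL; size_t n = 0;
    if (read_fork(&h, in, sizeof in, &out, &n) != FORK_OK) return 0;
    size_t ok = (out[15] == 0xAB) ? n : 0;
    free(out);
    return ok;
}
```

A header that declares more parts than fit in total_size, or more bytes than the input contains, is rejected before calloc or memcpy ever runs, which is the check the article says was missing.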
All users of the 7-Zip utility are urged to upgrade to the latest version, 16.00.