Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Alert: 7-Zip Software Can Leave Your System Vulnerable

Total Tech Care Blog
0 Comments
Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

The 7zip software is an open-sourced file archiver and decompressor, and has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code; and that is making this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities with the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234 , is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affected the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted; and, since the 7zip code was used as a part of so many other pieces of software, the opportunities are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 866-348-2602.

Tweet
Tags:
Security Software Alert
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Wednesday, 30 April 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Software Efficiency Network Security Business Google Internet Microsoft Email Malware Backup Workplace Tips Innovation User Tips Data Computer Mobile Devices Hardware IT Services Android VoIP Disaster Recovery communications Business Continuity Smartphones Communication IT Support Miscellaneous Smartphone Mobile Device Browser Small Business Network Collaboration Productivity Quick Tips Cybersecurity Users Business Management Managed IT Services Windows Phishing Upgrade Data Backup Outsourced IT Ransomware Windows 10 Data Recovery Office Cloud Computing Server Save Money Passwords Windows 10 Chrome Social Media Virtualization Saving Money Holiday Tech Term Gadgets Automation Microsoft Office Managed Service Managed IT Services Cybercrime Computers Artificial Intelligence Operating System Facebook Hacking Health BYOD Internet of Things Mobile Device Management Networking IT Support Wi-Fi Information Technology Remote Information Spam Alert Covid-19 Office 365 Telephone Systems Managed Service Provider Mobility Recovery Employer-Employee Relationship Router BDR Bandwidth Social Engineering Data Breach Encryption Applications Human Resources Mobile Computing Law Enforcement Application Remote Monitoring App History Password Big Data Money VPN Blockchain Paperless Office Remote Computing Government How To Mobile Office Private Cloud Managed IT Data Storage Patch Management Office Tips Training Apps Gmail Servers Settings Flexibility Google Drive Marketing WiFi Two-factor Authentication Data Security IT solutions Entertainment Avoiding Downtime Website Budget Mouse HaaS Infrastructure Voice over Internet Protocol Bring Your Own Device Data Management Vulnerability Work/Life Balance Wireless Windows 7 Word Lithium-ion battery End of Support Education Physical Security Vendor Management Safety Firewall Sports HIPAA Staff Software as a Service Redundancy Telephone System Virtual Reality Machine Learning Keyboard Apple Connectivity Remote Work Social USB User Error Vendor Managed Services Meetings Display Save Time Risk Management Conferencing Data Protection Employee/Employer Relationship Hacker Cleaning RMM Scam The Internet of Things SharePoint IT Management CES Battery Shadow IT Botnet Content Management Virus Legal Business Technology IT Plan Access Control Customer Service Digital Signage Environment Unified Threat Management Internet Exlporer Unsupported Software Computer Accessories Virtual Assistant Authentication Fax Server Charger PDF Procurement Workplace Strategy SaaS Net Neutrality Compliance Computer Care Proactive IT OneNote Current Events Update Help Desk Printer Best Practice Telephony Printing Bluetooth Samsung YouTube Network Congestion eWaste Google Docs Black Market Identity Theft Value Managed Services Provider IT Consultant Spam Blocking Database Document Management Electronic Medical Records Solid State Drive Wireless Technology Wearable Technology Remote Workers How to Downtime Augmented Reality Fraud Retail Humor Hiring/Firing Hard Drives Instant Messaging Processor Robot Excel Data storage Remote Worker Automobile Hard Drive Biometrics Cryptocurrency Virtual Desktop Computing Infrastructure Going Green Business Intelligence DDoS Computing Comparison Audit Worker Virtual Machine Public Computer Techology Laptop File Sharing PCI DSS Camera 2FA Regulations Inventory Distributed Denial of Service Fiber Optics Specifications Customer Relationship Management Employee Transportation Customers Analyitcs Wire Messaging Computer Fan Evernote Cabling Audiobook Rootkit Hypervisor Travel Programming Touchpad Policy Printers Dark mode Trend Micro User Workers Millennials PowerPoint Benefits Windows Media Player Advertising Smart Office SMS FENG Wireless Charging Default App Politics Antivirus Saving Time IBM Procedure Virtual Private Network dark theme Notifications Flash Shopping Managing Stress Workforce Google Search Smart Technology Windows 8 AI Cables IT service IT Infrastructure Software Tips Supercomputer Bing Cameras FinTech Project Management Sync Nanotechnology Social Network Emails Telecommuting Tablet Relocation Cortana Domains Investment Digital Signature Employee/Employer Relationships Video Games Employees Warranty Windows 365 IaaS Netflix Maintenance ISP Worker Commute Two Factor Authentication Experience Bloatware HVAC Video Conferencing Root Cause Analysis Google Apps ROI HBO Analysis Bitcoin Knowledge Shortcuts Printer Server Scalability Music Sales Administrator Point of Sale Skype Devices Personal Cryptomining Business Owner Tablets Entrepreneur NarrowBand Enterprise Content Management Supply Chain Management Data loss Outlook Accountants Batteries Leadership Search Troubleshooting MSP Monitoring iPhone Microchip Windows 8.1 Start Menu Thought Leadership Digitize Credit Cards Shortcut Loyalty Cost Management Password Management Screen Mirroring Password Manager Windows Server 2008 R2 Frequently Asked Questions Multi-Factor Security Social Networking Books Customer relationships Files Search Engine Email Best Practices Mobile Twitter IT Assessment Windows 10s Manufacturing Chromecast NIST Cast Business Mangement Computer Tips Tip of the week Smart Tech Running Cable Managed IT Service webinar Trending Security Cameras Emergency Colocation Virtual CIO Uninterrupted Power Supply Professional Services Addiction OneDrive Public Cloud Amazon Biometric Security Employer Employee Relationship Memory Consultant Assessment Peripheral Recycling Digital Security Cameras Windows Server 2008 Practices Using Data Analytics Monitor Wiring Tools Cache Copiers Amazon Web Services 5G Best Available Television Safe Mode Quick Tip Criminal Ergonomics Streaming Media Hosted Computing WIndows 7 Smartwatch Science Reputation GDPR Tech Support Wireless Internet Development Online Shopping OLED Content

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code