Number: AV16-078
Date: 12 May 2016
Purpose
The purpose of this advisory is to bring attention to a 7-Zip security update.
Assessment
A security update was released for 7-Zip which addresses multiple vulnerabilities. Exploitation of these vulnerabilities may allow for arbitrary remote code execution.
These vulnerabilities also affect the 7-Zip library, which is included with and leveraged by several hardware and software products.
Suggested Action
CCIRC recommends that system administrators identify their affected assets and potential interdependencies with their organization’s critical services, and follow their patch management process accordingly.
References:
- Cisco Talos (vulnerability report):
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html - 7-Zip:
http://7-zip.org/download.html