Comment on Wide-ranging 7-zip vulnerability with 8.8 CVE rating allows for code execution — hundreds of millions of machines potentially at risk
According to the last paragraph, the vulnerability is in reading the archive itself, not the decompressed contents.
I think what quick snail is saying is that if you are going to download a malicious zip file you are just as likely to unzip the archive and run the program inside. It’s a lot easier to just have a malicious payload inside the archive.
Kactus@piefed.world 3 days ago
I think what quick snail is saying is that if you are going to download a malicious zip file you are just as likely to unzip the archive and run the program inside. It’s a lot easier to just have a malicious payload inside the archive.