Fix 7-Zip Vulnerability by Installing Update

7-Zip is a popular archive software that can handle all kinds of files like 7z, ZIP, RAR, TAR, GZ and two dozen more. 7-Zip can open and create archives that no other software for Windows can. And on top of this, 7-Zip is an open-source software making it both free and transparent. This is why 7-Zip has become popular with the Windows users. But two recent vulnerabilities were discovered in the way it handles RAR and ZIP archives.

These vulnerabilities were present in the way 7-Zip manages the memory when opening the RAR and ZIP archives. If you open a specially designed RAR or ZIP archive file, then it can lead to the memory injection of your computer leading to all sorts of unwanted changes in your PC. For this reason, the 7-Zip developer, Igor Pavlov, has quickly released a new version for the popular archiving software. The new version 18.01 for 7-Zip does not have these vulnerabilities.

7-Zip Vulnerability

You can read more details about these vulnerabilities on a security blog at https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/. The author gives very detailed description about how the older versions of 7-Zip were causing multiple memory corruptions because of the way PPMd compression was being implemented for RAR extraction.

7-Zip Vulnerability

Since the 7-Zip does not come with an auto-update module like many web browsers do (Firefox or Chrome for example), you will have to manually download and install the newest version. The version 18.01 does not contain the aforementioned vulnerabilities. So all you have to do is visit 7-Zip.org website, download the 7-Zip installer and install the new version. You will have to the 32-bit or 64-bit version just as was previously installed in your PC. For example, if you have 7-Zip 16.00 32-bit, then you should download 18.01 32-bit version. Similarly, if you have 64-bit version installed, then you have to download the 18.01 64-bit version of 7-Zip.

You can download 7-Zip from http://7-zip.org/.