
Will Dormann and Tavis Ormandy are highly respected security researchers and very thorough in their methodology. If you wish, please visit the Twitter links I posted above to read the explanations for yourself. You don’t need to delete the CHM help file to be safe, but please feel free to do so if you wish. In addition, this claimed vulnerability could not have been exploited remotely.

I would say yes, you can safely update to 7-Zip version 22.01 since this claimed vulnerability was a hoax. The PsExec tool is legitimate but, like any tool, can be used for malicious purposes. That’s what a script is supposed to do and is not exploitable behavior. The video posted did not show exploitable behavior but merely the PsExec tool being used as was intended by being called within a script contained in an HTML file.

From my understanding of the Twitter posts, the claimed vulnerability did not include a description that made sense or was plausible or even a demonstration to show the vulnerability being exploited.
