Security exploits in third party libraries
31/03/2020 02:43:55
General information
Forum: Visual FoxPro
Category: Third party products
Miscellaneous
Thread ID: 01673898
Message ID: 01673899
This message has been marked as a message which has helped to the initial question of the thread.
Hi,

Both cases...

1) If you use 7-zip for extracting, then the customer can extract a file from an infected archive file (save to app folder, run standard operation for importing data from archive file)
2) A Trojan finds the old DLL with the bug and uses it.

MartinaJ

>I was wondering what it means to have a security exploit in a library that is used by our application.
>
>For instance we are using 7-zip for compression in our application (for instance to create backup files), which we install through our setup program in a folder together with our application. We don't actually install 7-zip application, but just copy the libraries that are then used by our application.
>
>As an example, there were security updates for 7-zip in the past because of vulnerabilities (https://www.groovypost.com/news/serious-security-exploits-found-in-7-zip-update-available/)
>
>What would that mean for our application if we don't update the 7-zip libraries on time? How would an attacker be able to take advantage of those libraries existing in our application folder? I am not sure if the fact that these libraries are only used from our application doesn't pose a security risk, because they are actually not used directly by the user, or does the simple fact of their existence already give an attacker the possibility to exploit those vulnerabilities?
"Navision is evil that needs to be erazed... to the ground"

Jabber: gorila@dione.zcu.cz
Jabber? Jabbim
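
An added example, not part of the original posts: a small audit a vendor could run against an installed application folder to find bundled library copies that do not match a currently approved build, which is the stale-DLL situation both cases in the reply depend on. The file name `7z.dll`, the manifest format and the sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large DLLs are not read into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_bundled_libs(app_dir, approved):
    """Return {relative_path: status} for every copy of a tracked library.

    approved maps a lowercase file name to the set of SHA-256 digests of the
    builds the vendor currently ships (assumed manifest format).
    """
    app_dir = Path(app_dir)
    report = {}
    # Walk subfolders too: an old copy left behind by a previous setup run
    # is as usable by other code on the machine as the one the app loads.
    for path in sorted(app_dir.rglob("*")):
        name = path.name.lower()
        if path.is_file() and name in approved:
            ok = sha256_of(path) in approved[name]
            rel = path.relative_to(app_dir).as_posix()
            report[rel] = "approved" if ok else "outdated-or-unknown"
    for name in approved:
        if not any(Path(rel).name.lower() == name for rel in report):
            report[name] = "missing"
    return report


def demo():
    """Constructed sample: one current copy and one forgotten old copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "plugins").mkdir()
        (root / "7z.dll").write_bytes(b"constructed: current build")
        (root / "plugins" / "7z.dll").write_bytes(b"constructed: old build")
        current = hashlib.sha256(b"constructed: current build").hexdigest()
        return audit_bundled_libs(root, {"7z.dll": {current}})


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:20} {rel}")
```

Any path reported as `outdated-or-unknown` should be replaced by the setup program's next update or removed if nothing loads it.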