Comments on Metadata Consulting [dot] ca: 7-Zip Portable not 7-Zip hacked by CIA

Blog author: metadataconsulting. Feed updated: 2024-03-25T18:56:05.062-04:00

Anonymous, 2019-01-08T12:34:56.872-05:00:

For context, it appears to be a vulnerability within 7-Zip's ability to create self-extracting archives (EXEs). This has been discussed in 7-Zip's forums and can be done by adding an expected DLL like uxtheme.dll to the directory with the 7-Zip self-extracting EXE, at least at the time. All of the exploits used in the Fine Dining exploit were similar DLL preload or replace issues within the apps themselves. Nothing that was added by PortableApps.com was exploited according to the dump. The apps are usually protected from this when running from Program Files courtesy of Windows' UAC protect, but could of course be exploited with a PATH change or if installed to another location or just extracted from a zip download. It should also be noted that the PortableApps.com Platform was updated within a day of the dump to mitigate the exploitable pieces of the affected apps by scanning for added and replaced DLLs. Complete details are here: https://portableapps.com/news/2017-03-13--mitigating-dll-hijacks-with-the-portableapps-com-platform