Friday, November 21, 2025

Last final working version of GIMP compatible with Windows 7



Can confirm v2.10.38 works on Windows 7 still, even though the download page says Win10 support only, see last image below.


Download Gimp v2.10.38 here - Index of /gimp/v2.10/windows/ 


Version 2.10.36 lists Windows 7+ as supported.


Version 2.10.38 lists Windows 10+ as supported only.




Thursday, November 20, 2025

7Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001) with proof-of-concept (PoC) code


7-Zip is third-party, EU FOSS approved software used to encrypt/decrypt many file formats, including .zip, .tar, .gz, .rar and the proprietary .7z format.

The vulnerability in question is CVE-2025-11001 (CVSS score: 7.0, October 7th, 2025), which allows remote attackers to execute arbitrary code using symbolic links. 


Symlinks in Windows 10! - An excellent article that demonstrates how a symbolic link can run an executable.

Also fixed was CVE-2025-11002 (CVSS score: 7.0), which allows remote code execution by taking advantage of improper handling of symbolic links within ZIP archives, resulting in directory traversal. Both shortcomings were introduced in version 21.02.


How to Fix

Fixed in 7-Zip version 25.01 (25.00 has been removed from download page) 

Upgrade your 7-zip now - Download (7-zip.org) - Confirmed working on Windows 7.


POC Code
pacbypass/CVE-2025-11001: Exploit for CVE-2025-11001 or CVE-2025-11002 (github.com)

Wednesday, November 19, 2025

Looking for RichCopy with an active download link - Update Nov 2025


This post explores consolidating (merging) multiple files from multiple locations into one directory, and consolidating repeated files into one file, using RichCopy, a free, easy-to-use utility from Microsoft.


Basically the Richcopy GUI tool has some advanced functionality found in Robocopy.  Robocopy is short for robust copy, and is a built-in Windows utility that provides robust file copy, such as copying files without permissions.  Read my post for more info.

First you need to get a copy of RichCopy, as described in the TechNet Magazine article "Utility Spotlight: RichCopy" by J. Hoffman.



RichCopy 4.0.217.0 is in the file HoffmanUtilitySpotlight2009_04.exe (5,896 KB), named after J. Hoffman, the author. Download and run setup.exe.

Update 2025: Download RichCopy 4.0.217 - FileCroco.com - HoffmanUtilitySpotlight2009_04.exe has its Microsoft signature intact.

Why Richcopy vs Robocopy? 

1. Ease of Use: RichCopy's GUI makes it easier for users who are not comfortable with command-line interfaces, while Robocopy requires familiarity with command-line syntax, which can have a steeper learning curve.

2. Performance: RichCopy's multithreading can lead to faster transfers in certain scenarios, but Robocopy's robust error handling and logging make it more reliable for critical file operations. 

3.  Functionality: Robocopy offers more advanced features for automation and scripting, making it suitable for IT professionals and system administrators who need to perform complex file operations regularly.


Image 1: RichCopy GUI


A brief background on Robocopy


Robocopy enables the more serious file replication tasks that can really simplify your job. The biggest benefit I think you'll find is the ability to create full mirror duplicates of two file structures (including all sub-directories and files, if you choose) without copying any unnecessary files. Only the files that are new or have been updated in the source location will be copied. Robocopy also allows you to preserve all of the associated file information, including date and time stamps, security access control lists (ACLs) and more.

Robocopy is built into Windows 7, Windows 8+, Windows 10+, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012 and Windows Server 2016+.

In this case, we're discussing the simplest of tasks: copying files. Except copying files is not always that simple. 
  • What if you're copying thousands of files across a slow connection? 
  • What happens if your network hiccups and interrupts the copy? 
  • What if you want to make sure that you preserve particular file attributes, such as a Last Modified date, but not other attributes, like security descriptors? 
  • What if you want to filter the files you're copying from source to destination based on filename or extension?
  • Copy files without permissions and file information
  • Copy files longer than 260 characters 
  • Actively supported

Consolidate Repeated Files

RichCopy version 4.0 supports specifying multiple source directories. The default behavior is to create directories with the same name as the source and make a copy. When this option is selected, RichCopy copies all source files and directories into the specified destination directory without creating directories with the same name as the source.

Also, if you have File A in Directory 1 and File A in Directory 2, File A with the latest date will be copied into Destination directory. This behaviour can be altered using Copy always (do not compare source and destination) options, see image 2.

Never have a repeated file again, especially when syncing to the cloud.


Consolidate Files Using RichCopy

Step 1 Choose multiple source directories and destination (consolidated) directory. 

NOTE : When this completes, Copy complete only mentions the last path of Source Path. 

Image 1: RichCopy GUI

Step 2 Choose Option button and select "Consolidate multiple sources"

Image 2: RichCopy Options interface

Step 3 Wait until "Copy Complete" appears in Description as in Image 1. Copy complete only mentions the last path of Source Path. This behaviour can be altered using Copy always (do not compare source and destination) options.

Step 4 Done.

Consolidate Multiple Source Results

Here's proof of the process when using the "Consolidate multiple sources" option.
Our two source directories are c:\temp and c:\backup, and they contain the same files, NameLengths.txt and PathLengths.txt.

Image 3 : Temp source Directory 

Note that the NameLength.txt time-stamp in the Backup directory (Image 4) is newer than in the temp directory (Image 3 above).


Image 4 : Backup source directory

The resultant consolidated directory contains only 1 copy of all the repeated files. Duplicate files are resolved using the most recent time-stamp. This behaviour can be altered using Copy always (do not compare source and destination) options.

NameLength.txt's time-stamp in the Backup directory (Image 4) is newer than in the temp directory (Image 3 above), so that copy ends up in the output consolidate_test directory.

Image 5 : Consolidate directory and files


There you go, a great way to consolidate your mess of duplicate files.  

Fix Path Too Long Error and Consolidation

RichCopy will bomb on path-too-long errors. It's a problem for many tools.

I built a specialized tool to solve the path too long issue completely. Path Too Long Auto Fixer is the 1st tool on the market to find all directories and filenames that are too long and auto correct them!

Download free demo at https://pathtoolongautofixer.blogspot.com

Preview




Tuesday, November 18, 2025

Windows 10 - Upgrading to latest version of Curl for Developers



Windows 10 comes with its own curl, but it seems to be behind on curl updates. So I wanted to manually update curl to the latest version, which is curl 8.17.0 at the time of writing.




 Get latest curl for Windows



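First, delete curl.exe in C:\windows\system32 and C:\Windows\SysWOW64; these were stuck at version 7.52.0. You'll need to take ownership of the file with your username. Both copies are protected system files, so a later Windows update or sfc /scannow can restore them; re-run where curl.exe afterwards to confirm which binary comes first.

Then find which curl.exe is used by default in the command line (cmd.exe).

Execute where curl.exe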

So, we see Chocolatey is now the source of the curl.exe command; it's 1st on the resultant list.

Upgrade Chocolatey and curl using the following commands:
   
choco upgrade chocolatey
choco upgrade curl

Upgrade completed with proper shims. 

If you don't have Chocolatey, you can manually copy these files from the /bin folder of the curl 8.17.0 zip:

curl-ca-bundle.crt
curl.exe
libcurl-x64.def
libcurl-x64.dll
trurl.exe

to the next directory in the list.

And now curl is upgraded in cmd.exe when you launch it.

   
C:\Users\Markus>curl -V
curl 8.17.0 (x86_64-w64-mingw32) libcurl/8.17.0 LibreSSL/4.2.1 zlib/1.3.1.zlib-ng brotli/1.2.0 zstd/1.5.7 WinIDN libpsl/0.21.5 libssh2/1.11.1 nghttp2/1.68.0 ngtcp2/1.17.0 nghttp3/1.12.0
Release-Date: 2025-11-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli CAcert HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM PSL SPNEGO SSL SSLS-EXPORT SSPI threadsafe UnixSockets zstd

And don't forget to rock. 




Sunday, November 16, 2025

How to read/view a damaged/corrupt PDF file


Sometimes PDF files can get scrambled and you are stuck not being able to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader shows a pop-up saying the file could not be opened because it's not a supported file type or the file has been damaged.




Solution: 



Get XpdfReader PDF software, which can open PDF files with limited malformations!

Also, XpdfReader does not implement the Adobe JavaScript engine required for interactive features like calculations, validations, or dynamic field updates, making it a safer option.


For more information about internal structure of PDFs




Test 1:

In the following sample file, the file starts with the malformed PDF file signature %P!F-, which is incorrect and should be %PDF-, as seen in the FRHED editor.

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2:

Then I removed a leading angle bracket < where there should be two for <</Linearized, and it opened!

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj\<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened Malformed File

For more information about internal structure of PDFs

Example of the absolute minimal PDF file contents, "Hello World", copied and pasted into FRHED.

%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
72 100 Td
(Hello World) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000056 00000 n 
0000000107 00000 n 
0000000212 00000 n 
0000000310 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
380
%%EOF


Here's Hello World.pdf opened in XpdfReader 4.06


Friday, November 14, 2025

Trouble reading PDF file? Solution to reading malformed damaged PDF files


Sometimes PDF files can get scrambled and you are stuck not being able to open a PDF file. Most PDF software cannot open the test file below. Adobe Acrobat Reader shows a pop-up saying the file could not be opened because it's not a supported file type or the file has been damaged.




Solution: 



Get XpdfReader PDF software, which can open PDF files with minor malformations!

Also, XpdfReader does not implement the Adobe JavaScript engine required for interactive features like calculations, validations, or dynamic field updates, making it a safer option.

Note: The #1 way to spread malware is PDF files that contain JavaScript that executes when the file is opened. See my extensive post on this, Locking down Adobe Reader to prevent PDF vulnerabilities, as much as possible, for the dangers.


For more information about internal structure of PDFs

3. Great tool to analyze PDFs - PDF Stream Dumper (sandsprite.com)


Test 1:

In the following sample file, the file starts with the malformed PDF file signature %P!F-, which is incorrect and should be %PDF-, as seen in the FRHED editor.

XpdfReader is the only app I came across that could open this file with this first malformed change.

Test 2:

Then I removed a leading angle bracket < where there should be two for <</Linearized, and it opened!

Source

The original unadulterated file header is

%PDF-1.5%<bh:e2><bh:e3><bh:cf><bh:d3>10 0 obj\<</Linearized 1/L 105981/O 12/E 101484/N 1/T 105677/H [ 502 173]>>endobj

Opened Malformed File

For more information about internal structure of PDFs

Example of the absolute minimal PDF file contents, "Hello World", copied and pasted into FRHED.

%PDF-1.1
1 0 obj
<< /Type /Catalog /Pages 2 0 R >>
endobj
2 0 obj
<< /Type /Pages /Kids [3 0 R] /Count 1 >>
endobj
3 0 obj
<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] /Contents 4 0 R /Resources << /Font << /F1 5 0 R >> >> >>
endobj
4 0 obj
<< /Length 44 >>
stream
BT
/F1 12 Tf
72 100 Td
(Hello World) Tj
ET
endstream
endobj
5 0 obj
<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>
endobj
xref
0 6
0000000000 65535 f 
0000000009 00000 n 
0000000056 00000 n 
0000000107 00000 n 
0000000212 00000 n 
0000000310 00000 n 
trailer
<< /Size 6 /Root 1 0 R >>
startxref
380
%%EOF


Here's Hello World.pdf opened in XpdfReader 4.06
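
A structural check for the kinds of damage in Test 1 and Test 2 of both PDF posts above, as an added example (not XpdfReader's logic): it verifies the %PDF- signature, the %%EOF marker, and that startxref and each classic xref entry point where they claim. The sample PDF is constructed, the function names are assumptions, and xref streams (PDF 1.5+) are not parsed.

```python
import re

def build_minimal_pdf():
    """Constructed sample: a small PDF skeleton with correct xref offsets."""
    bodies = [b"<< /Type /Catalog /Pages 2 0 R >>",
              b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
              b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>"]
    out, offsets = b"%PDF-1.1\n", []
    for num, body in enumerate(bodies, start=1):
        offsets.append(len(out))                  # byte offset of "N 0 obj"
        out += b"%d 0 obj\n%s\nendobj\n" % (num, body)
    xref_at = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(bodies) + 1)
    out += b"".join(b"%010d 00000 n \n" % off for off in offsets)
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\n" % (len(bodies) + 1)
    return out + b"startxref\n%d\n%%%%EOF\n" % xref_at

def diagnose_pdf(data):
    """Return a list of structural problems found in a PDF byte string."""
    problems = []
    # Readers look for the signature near the start of the file.
    if b"%PDF-" not in data[:1024]:
        problems.append("bad signature: %r" % data[:5])
    if b"%%EOF" not in data[-1024:]:
        problems.append("missing %%EOF marker")
    m = re.search(rb"startxref\s+(\d+)", data[-1024:])
    if not m:
        return problems + ["missing startxref"]
    xref_at = int(m.group(1))
    # Classic table header: "xref", then "<first object> <entry count>".
    head = re.match(rb"xref\s+(\d+) (\d+)\s+", data[xref_at:])
    if not head:
        return problems + ["startxref %d does not point at 'xref'" % xref_at]
    first, count = int(head.group(1)), int(head.group(2))
    table = data[xref_at + head.end():]
    for i in range(count):
        entry = table[20 * i:20 * i + 20]         # fixed 20-byte entries
        if entry[17:18] == b"n":                  # in-use object
            off, num = int(entry[:10]), first + i
            if not data[off:].startswith(b"%d 0 obj" % num):
                problems.append("object %d not at offset %d" % (num, off))
    return problems

if __name__ == "__main__":
    good = build_minimal_pdf()
    print(diagnose_pdf(good))                     # intact file
    print(diagnose_pdf(b"%P!F-" + good[5:]))      # Test 1: damaged signature
```

Deleting a single byte, as in Test 2, shifts every later offset, which is why the startxref check fires for that kind of edit.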


Thursday, November 13, 2025

Sysinternals Process Explorer 16.43 is last working final version for Windows 7


By Mark Russinovich




Published: November 11, 2025

no longer works on Windows 7. Windows 7 support is finally dead, but why?


Windows OS has over 1.5 billion active users globally as of 2025, and at 2.5%, 37.5 million are still active Windows 7 users!

The last known version to work on Windows 7 is Process Explorer v16.43, from November 22, 2021.

Get it here Process Explorer 16.43 | System Monitors (fileeagle.com)

Wednesday, November 12, 2025

Detecting Glassworm malware hidden characters fast using file regex search with grepWin

A number of Visual Studio Code extensions have been infected with Glassworm. Here's a fast way to check whether your repo is infected, using grepWin - Stefans Tools (stefankueng.com), a fast C open-source grep UI tool for Windows.


How GlassWorm wormed its way back into developers’ code — and what it says about open source security | InfoWorld 
10 Nov 2025

According to the article above, this repo is infected with Glassworm:

ai-driven-dev/vscode (github.com)

The article below lists the Unicode characters used by Glassworm:

Defending Against Glassworm: The Invisible Malware That's Rewriting Supply Chain Security | Snyk - 3 Nov 2025


The 277 explicit confusable characters used by Glassworm:

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors
  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm
  • No-break space (U+00A0)
  • Word joiner, soft hyphen, and other invisible characters



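grepWin uses Perl regular expression syntax. Test at https://regex101.com/r/VNSYwc/2 (choose PCRE2). In this syntax, \x without braces reads only two hex digits, so code points above FF need the braced form, for example \x{202A}.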


Here's the grepWin regex for: 

  • Bidirectional Unicode controls (U+202A-U+202E, U+2066-U+2069)
  • Zero-width characters (U+200B, U+200C, U+200D)
  • Variation selectors (U+FE00-U+FE0F) — the base 16 selectors

    [\x{202A}-\x{202E}\x{2066}-\x{2069}\x{200B}-\x{200D}\x{FE00}-\x{FE0F}]
    
Here's the grepWin regex for: 
  • Extended Variation Selectors (U+E0100-U+E01EF) — 240 additional characters used in Glassworm

    [\x{E0100}-\x{E01EF}]

Here's the result using grepWin with regex search. 

GrepWin with Content View selected.  represents found Unicode characters.
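
The same search as a script that can run over every file in a repo, as an added example (not from grepWin or the cited articles): it reports each hidden character by line, column and category, plus the longest unbroken run, because a single U+FE0F after an emoji is ordinary text. The function names, the longest-run triage heuristic and the constructed sample are assumptions; U+00AD and U+2060 are the standard code points for the soft hyphen and word joiner that the list names.

```python
import sys

# Ranges from the list above; U+00AD and U+2060 are the standard code
# points for the soft hyphen and word joiner the list names.
RANGES = [
    ("bidi control", 0x202A, 0x202E),
    ("bidi isolate", 0x2066, 0x2069),
    ("zero-width", 0x200B, 0x200D),
    ("variation selector", 0xFE00, 0xFE0F),
    ("extended variation selector", 0xE0100, 0xE01EF),
    ("no-break space", 0x00A0, 0x00A0),
    ("soft hyphen", 0x00AD, 0x00AD),
    ("word joiner", 0x2060, 0x2060),
]

def classify(ch):
    """Return the category label for a hidden character, else None."""
    cp = ord(ch)
    return next((lbl for lbl, lo, hi in RANGES if lo <= cp <= hi), None)

def scan_text(text):
    """Return (line, column, 'U+XXXX', label) for every hidden character."""
    return [(ln, col, "U+%04X" % ord(ch), classify(ch))
            for ln, line in enumerate(text.split("\n"), start=1)
            for col, ch in enumerate(line, start=1) if classify(ch)]

def longest_run(text):
    """Longest unbroken run of hidden characters (triage heuristic)."""
    best = cur = 0
    for ch in text:
        cur = cur + 1 if classify(ch) else 0
        best = max(best, cur)
    return best

# Constructed sample: a zero-width space, six extended variation selectors
# inside a string literal, and an emoji with its ordinary U+FE0F selector.
SAMPLE = ("const a = 1;\u200b\n"
          "let s = 'x" + "".join(chr(0xE0100 + i) for i in range(6)) + "';\n"
          "ok \U0001F44D\uFE0F\n")

if __name__ == "__main__":
    # Scan files named on the command line, or the sample if none are given.
    texts = {p: open(p, encoding="utf-8", errors="replace").read()
             for p in sys.argv[1:]} or {"<sample>": SAMPLE}
    for name, text in texts.items():
        for hit in scan_text(text):
            print(name, *hit)
        print(name, "longest run:", longest_run(text))
```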