Closed NO-ob closed 5 years ago
The article you linked is specific to 7-zip's unrar code, and ahoviewer doesn't use 7-zip at all.
The only thing that I can find about a recent vulnerability in the libzip libaray (which is what ahoviewer uses to decompress zip files) is the following: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14107 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858
Neither have any mention of arbitrary code execution.
I'll try to include the latest version of libzip for Windows, as that's what I assume you are using, with the next release.
I was sent a malicious zip file which i opened with ahoviewer as I was told it contained images the zip file ran something which caused my mouse to lock up and i ended up with a virus after it. I'd say this needs to be fixed pretty urgently i'm not sure how you handle zip files so not saure about the exploit but did find this online when looking https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/