Welcome to WebmasterWorld Guest from 54.234.233.48

Forum Moderators: phranque

Message Too Old, No Replies

If you use Lhasa compression there's a bad bug to be patched

     
1:36 am on Apr 2, 2016 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member tangor is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 29, 2005
posts:7997
votes: 578


Cisco's Talos team has found a vulnerability in the Lhasa LZH/LHA decompression tool and library, and it's a nasty one because it means the decompression process gives attackers the chance to put whatever code they want on your machine.

[theregister.co.uk...]

Heads up for those using compression (and some of us do)