Replies: 2 comments
-
|
You can safely delete that folder, it is an old romanent from older versions. It is not used, so the CVEs wouldn't be exploitable either |
Beta Was this translation helpful? Give feedback.
-
|
This is a solution for me and the few other peoples which read this. But for all other users this is a bad message but an attacker who already got the opportunity to start a prozess on targeted PC searching for living off the land vulnerabilities will be happy that you don't delete known vulnerable (CVSS score of 9.9 out of 10!) files which your installer brought to the systems. Congratulation, a tool which would help the peoples to make their systems more safe but which contains new severe vulnerability. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
You deliver very outdated 7-Zip components with UniGetUI
C:\Program Files\WingetUI\choco-cli\tools>dir
Volum in Drive C: is xxxxxx
Volume serial number: xxxxxx
Directory of C:\Program Files\WingetUI\choco-cli\tools
08.06.2023 16:46 1.167.872 7z.dll
08.06.2023 16:46 513 7z.dll.manifest
08.06.2023 16:46 331.776 7z.exe
08.06.2023 16:46 0 7z.exe.ignore
08.06.2023 16:46 513 7z.exe.manifest
08.06.2023 16:46 1.927 7zip.license.txt
UniGetUI installation is uptodate and actively working good. Anyhow, you should update these components!
You should have at least these, and the highest CVSS score of them I've found is 9.9
CVE-2023-31102
CVE-2023-35089
CVE-2023-39312
CVE-2023-40481
CVE-2023-42627
CVE-2023-45896
CVE-2023-46149
CVE-2023-52168
CVE-2023-52169
CVE-2024-11477
CVE-2024-11612
CVE-2025-0411
CVE-2025-11001
CVE-2025-53816
CVE-2025-53817
CVE-2025-55188
https://www.cve.org/CVERecord/SearchResults?query=7-zip
Thanks for the audience and please react asap.
Beta Was this translation helpful? Give feedback.
All reactions