SecTeer VulnDetect Support Forum

    VulnDetect

    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Download VulnDetect Installer

    [Solved] 7-Zip (Portable) - Version not detected

    Solved Detection Issues
    app-detection
    3
    22
    8347
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GregAlexandre @OLLI_S last edited by

      @olli_s : I understand that you do not want embedded products to be be reported as unsafe even if they are.
      But if the embedded is not safe this means that the embedding product is unsafe. So if the embedded product is not reported as unsafe the embedding product should be reported as unsafe even when no fix is available.

      I quickly tested one of the 7z.exe in NVIDIA directories and it seems a fully usable 7z command line executable. So its vulnerabilities can be used by a malware.

      @Tom : Will te embedding product reported as unsafe ?
      Regards.

      T 1 Reply Last reply Reply Quote 0
      • OLLI_S
        OLLI_S Community Moderator last edited by OLLI_S

        @gregalexandre said in 7-Zip (Portable) - Version not detected:

        NVIDIA GE Force downloader left at least 3 versions of 7z.exe

        I moved your topic to this topic here, because here I wrote at posting #6 that these bundled instances should be ignored because the user must not update these versions.
        These updates must be delivered by NVIDIA.

        On the other hand:
        It might be useful to see that NVIDIA (and also Star Citizen) are delivering out-of-date and unsafe instances of 7-Zip.
        Star Citizen delivers version 15.05 beta and the current version is 18.05
        So it might be useful to know that there are possible vulnerabilities that the user can not fix.

        1 Reply Last reply Reply Quote 0
        • G
          GregAlexandre last edited by

          NVIDIA GE Force downloader left at least 3 versions of 7z.exe: C:\ProgramData\NVIDIA Corporation\Downloader\latest\GFExperience\7z.exe
          Same in Programmes files ans same in "Users\all users".
          I have no idea of the exploitability index of this vulnerability (can be null) but thanks to vulndetect, this shows me that NVIDIA installer is one more time not clean.
          Can we safely remove these unsafe 7z.exe versions? Is there a safe way to use (except removing GE Force Experience ☺ )?
          Thanks and regards.
          Greg.

          1 Reply Last reply Reply Quote 0
          • OLLI_S
            OLLI_S Community Moderator last edited by

            Yes, for 7-Zip in Star Citizen an update is offered.
            This morning I saw only 4 instances of 7-Zip, now I see 6 instances.
            So the only thig that is left here is that for 7-Zip bundled with other apps no updates should be offered.

            1 Reply Last reply Reply Quote 0
            • T
              Tom VulnDetect Team Member @OLLI_S last edited by

              @olli_s The one bundled with Star Citizen is because it is a beta version, so that should equate to the "?" with the current limitations.
              About the PortableApps, that is rather peculiar as I just verified, the 32 bit version you have on your system is identical to the 32 bit on my systems and that is detected correctly.
              The updates for Nvidia and other versions are still expected due to the current limitations with the rules.
              Does it not offer an update for the one with Star Citizen?

              /Tom
              Download the latest SecTeer VulnDetect agent here:
              https://vulndetect.com/dl/secteerSetup.exe

              1 Reply Last reply Reply Quote 0
              • OLLI_S
                OLLI_S Community Moderator last edited by OLLI_S

                I had a look at the scan results and detected three issues.


                Now I see only 4 installed instances of 7-Zip, the following folders are not shown anymore:

                • D:\PortableApps\PortableApps\7-ZipPortable\App\7-Zip\7z.exe
                • D:\PortableApps\PortableApps\7-ZipPortable\App\7-Zip64\7z.exe

                Have you hidden them or is this a bug in your rules?
                Because these are not bundled versions.


                For the other 4 remaining folders VulnDetect offers me updates although these are bundled versions:

                • C:\ProgramData\ NVIDIA Corporation \Downloader\PostProcessing\GFE\4ccc741fdd0ba2ac5593e823bdde3d30\GFExperience\7z.exe
                • C:\Program Files\ NVIDIA Corporation \NVIDIA GeForce Experience\7z.exe
                • C:\Users\All Users\ NVIDIA Corporation \Downloader\PostProcessing\GFE\4ccc741fdd0ba2ac5593e823bdde3d30\GFExperience\7z.exe
                • E:\ StarCitizen \RSI Launcher\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe

                I know that you want to exclude the bundled versions of 7-Zip the next weeks.
                Just want to point out that this is important because the user must not update these instances (VulnDetect offers a download link)


                The installed version can not be detected in the following folder (the text ? is shown):

                • E:\StarCitizen\RSI Launcher\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe

                This was the reason why I suggested the debug mode.
                So I can see what is detected but hidden and what is missing.

                T G 2 Replies Last reply Reply Quote 0
                • OLLI_S
                  OLLI_S Community Moderator last edited by

                  I know that you want to exclude the bundled occurrence of applications, so I reported it that you can adjust your rules.

                  1 Reply Last reply Reply Quote 1
                  • T
                    Tom VulnDetect Team Member last edited by

                    @OLLI_S Yes, we improved the detection of 7-Zip. The contextual rules, that will eliminate these cases where it is bundled is an upcoming feature. It will be implemented in a week or two.

                    /Tom
                    Download the latest SecTeer VulnDetect agent here:
                    https://vulndetect.com/dl/secteerSetup.exe

                    1 Reply Last reply Reply Quote 0
                    • OLLI_S
                      OLLI_S Community Moderator last edited by OLLI_S

                      7-Zip is now detected 6 times.
                      Here a complete list of all folders:

                      • New: C:\ProgramData\NVIDIA Corporation\Downloader\PostProcessing\GFE\4ccc741fdd0ba2ac5593e823bdde3d30\GFExperience\7z.exe
                      • New: C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\7z.exe
                      • New: C:\Users\All Users\NVIDIA Corporation\Downloader\PostProcessing\GFE\4ccc741fdd0ba2ac5593e823bdde3d30\GFExperience\7z.exe
                      • D:\PortableApps\PortableApps\7-ZipPortable\App\7-Zip\7z.exe
                      • D:\PortableApps\PortableApps\7-ZipPortable\App\7-Zip64\7z.exe
                      • E:\StarCitizen\RSI Launcher\resources\app.asar.unpacked\node_modules\7zip\7zip-lite\7z.exe

                      I searched all my local hard drives for 7z.exe but I also just found these 6 folders.

                      1 Reply Last reply Reply Quote 0
                      • OLLI_S
                        OLLI_S Community Moderator last edited by

                        Today 7-Zip is found a 3rd time:

                        • D:\PortableApps\PortableApps\7-ZipPortable\App\7-Zip\7z.exe (from PortableApps.com)
                          This folder is for the 32.Bit version (in my first posting it is for the 64-Bit version).
                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Download SecTeer Personal VulnDetect - an alternative to the long lost Secunia PSI

                        Please see our Privacy and Data Processing Policy
                        Sponsored and operated by SecTeer | VulnDetect is a replacement for the EoL Secunia PSI
                        Forum software by NodeBB