It is better to be safe than sorry...
So now we are BOTH "safe" AND "sorry" 
Well yeah... It would seem so!
]]>It is better to be safe than sorry...
So now we are BOTH "safe" AND "sorry"
I received a link to here http://www.ee.oulu.fi/research/ouspg/pr … 0/archive/
Apparently this was all started by a a college research paper that displays the POTENTIAL to exploit many archive programs like 7zip and many others.
i wish to publicly apologize, and withdraw the word 'rumor'. Since it is actually based on a published Thesis paper at a University.
that just leaves us with unsubstantiated 
LOL (Show me a link to a SARC report or similar)
Don't ever hesitate to post a 'heads up' to a problem we may have - or potentialy could have.
We do want to know!
At this time there is just nothing for us to worry about since no known exploits actually exist in the wild 
Once an exploit was exposed we could then evaluate any potential exposure from a bootable ROM (DVD) (probably NIL)
(it is usually at this point one of my fellow team members will shoot me down LOL)
I admire your persistence and professionalism Xabib... I hope we see more of you in the future~
Have a great day and please accept our warm welcome.
]]>
usually it is AVG
(they are absolutely the worst AV - if your rating is based on the reporting of false positives)
- if i had a dollar for every false positive reported here i would be rich
Again, Thank YOU
It is better to be safe than sorry...
We'll have to make an exception on our software detector.
Thanks, anyway.
]]>the thing is we don't have any bugs...
Because of our unique usage of the 7zip application we are not exposed now,
nor would we be exposed in the future to any potential exploit of 7zip
- especially an unreported, unspecified or more likely a non existent one...
There is no benefit for us to update 7zip, and updating could cause issues with our apps.
Un7zip our custom app, is not distributed by 7zip.
and therefore is not nor would it be affected by your indicated reports...
(Un7zip is not a 7zip application - it is our own custom app)
Un7zip is extensively tested and known for a fact to be faster with the currently used 7zip dll...
I will not give that up without a valid reason.
No valid reason has been presented yet.
Since no info about the alleged exploit is available
it is most likely that it will not even affect our custom Un7zip app.
Upgrading will definitely increase the already lengthy extraction times during the DriverPacks installation.
We are glad you brought it to our attention!
But I see absolutely no reason to change anything...
At least not at this time... and certainly not based on unsubstantiated rumor.
This CVE Identifier has "Candidate" status and must be reviewed and accepted by the CVE Editorial Board before it can be updated to official "Entry" status on the CVE List. It may be modified or even rejected in the future.
It is not an official report.... "it is only a candidate and may be removed"
YOU have Still NOT provided any reliable source that indicates any problem at all, of anything at all...
not only is it not a serious vunerability... there is in fact no evidence of a vunerability at all...
]]>http://cve.mitre.org/cgi-bin/cvename.cg … -2008-6536
The point is, it is a simple fix (no change to source code, just replacin the executables), and the more closed doors, the better. It probably isn't a serious vulnerability, and in the scope it is used in the program is almost imposible to reproduce. Just reporting, if you want you could upgrade it. We use a tool in our office that tells us when there's any software that has a vulnerability reported, and that's why I reported. I've already fixed it in my machine (replacing the exe and dll from 7 zip, but I thought it could help others with similar tools, and using your software.
Salutes!
]]>Espacialy when the title of said report is "7-zip Unspecified Vulnerability". That is just a little to vague to inspire action...
Our usage with the DriverPacks is during an install from a read only media before any network conections would possably be made.
Zero exposure... (to a problem that seemingly doesn't exist anyway) Think about it for a minute...
]]>http://secunia.com/advisories/29434/
Please upgrade your version to the latest one.
Great program, keep the good work!
]]>