Cisco Blogs

Vulnerability Walkthrough: 7zip CVE-2016-2334 HFS+ Code Execution Vulnerability

November 30, 2017 - 0 Comments

This blog post was authored by Marcin Noga of Cisco Talos.


In 2016 Talos released an advisory for CVE-2016-2334, which was a remote code execution vulnerability affecting certain versions of 7zip, a popular compression utility. In this blog post we will walk through the process of weaponizing this vulnerability and creating a fully working exploit that leverages it on Windows 7 x86 with the affected version of 7zip (x86 15.05 beta) installed.


In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.