A Vulnerability in 7-Zip Might Allow Arbitrary Code Execution (CVE-2018-10115)

Article ID: SEC0015 A Vulnerability in 7-Zip Might Allow Arbitrary Code Execution (CVE-2018-10115)

Title

A Vulnerability in 7-Zip Might Allow Arbitrary Code Execution (CVE-2018-10115)

Reference

CVE-2018-10115  and MS-ISAC Advisory number 2018-049 report a vulnerability in 7-Zip 18.03 and earlier versions. (7-Zip is a free and open-source file archiver.) The vulnerability might allow remote hackers to execute arbitrary code when data is extracted from RAR files.

Commvault software does use 7-Zip binaries. However, Commvault software does not use RAR compression, and does not allow remote execution of the 7-Zip binaries.

All versions of Commvault V10 and V11 are unaffected by this vulnerability.