Kaspersky
Solved

Vulnerabilitie 7-Zip console, NSIS Uninstall information.

  • 15 April 2021
  • 8 replies
  • 101 views

Hello

I scanned the vulnerability of my pc and Kaspersky showed me this

 

 

When I click on the Details button I am informed that there is a critical vulnerability in 7-zip. 

 

KLA11240
CRITICAL VULNERABILITY IN 7-ZIP

It is stated to update to the latest version of 7-zip.

 

I have never used 7-zip. I cannot find it in programs when I search my laptop for it.

The only mention of it, is in NSIS Uninstall Information file. 

 

 

There are 3 mentions of 7-zip in this folder.

What should I do to get rid of this vulnerability.

 

I have tried installing and deleting the latest version of 7-zip but when I run another vulnerability scan I get the same result.

 

icon

Best answer by Wesly.Zhang 18 April 2021, 16:42

I already use the most up to date CyberLink Power Media Player that I can freely download and there is a CyberLink folder In Program Files, so I have no idea why this Setup.exe exists in this folder.

 

I have downloaded 7-zip 19.00 and then deleted it and then downloaded 7-zip 21.01 and then deleted it, then ran the vulnerability scan again with the same result.


Hello,

Could you unintall CyberLink Power Media Player and reboot your pc. after do that, Please check the folder which has 7zip and zip dll has gone or not. If it has been deleted, Please reinstall the latest CyberLink Power Media Player and check vulnerability again. If it hasn’t been deleted, You can delete the folder.

If this issue happen again, I think CyberLink Power Media Player has include a vulnerability 7zip component. You and us couldn’t deal with this situation except you overwrite the file using the latest 7zip exe and dll to solve the problem. or make a exclusion for this file in KL settings.

Regards.

View original

8 replies

Userlevel 7
Badge +4

Hello,

Could you run setup.exe to see what the application it is?

Regards.

The application is from CyberLink Corp.

Do you still want me to run the Setup.exe file?

 

Userlevel 7
Badge +4

The application is from CyberLink Corp.

Do you still want me to run the Setup.exe file?

 


Hello,

Please try to search this application to find the newest build and install it. If you couldn’t, Please ignore this issue. This applicaion use old and vulnerabilitie 7-Zip component.

In addition, in order to temporarily solve the problem, you can download the no-installation version of 7zip, extract the relevant files from it, and overwrite this file to solve the problem, but this may cause problems when you uninstall the relevant program. You should consider whether you need to do this.

Regards.

Userlevel 7
Badge +8

It is started to update to the latest version of 7-zip.

Are you referring to  7-Zip version 21.01 alpha ?
Please follow the download link provided by  @Wesly.Zhang 

 

 

I already use the most up to date CyberLink Power Media Player that I can freely download and there is a CyberLink folder In Program Files, so I have no idea why this Setup.exe exists in this folder.

 

I have downloaded 7-zip 19.00 and then deleted it and then downloaded 7-zip 21.01 and then deleted it, then ran the vulnerability scan again with the same result.

Userlevel 7
Badge +4

I already use the most up to date CyberLink Power Media Player that I can freely download and there is a CyberLink folder In Program Files, so I have no idea why this Setup.exe exists in this folder.

 

I have downloaded 7-zip 19.00 and then deleted it and then downloaded 7-zip 21.01 and then deleted it, then ran the vulnerability scan again with the same result.


Hello,

Could you unintall CyberLink Power Media Player and reboot your pc. after do that, Please check the folder which has 7zip and zip dll has gone or not. If it has been deleted, Please reinstall the latest CyberLink Power Media Player and check vulnerability again. If it hasn’t been deleted, You can delete the folder.

If this issue happen again, I think CyberLink Power Media Player has include a vulnerability 7zip component. You and us couldn’t deal with this situation except you overwrite the file using the latest 7zip exe and dll to solve the problem. or make a exclusion for this file in KL settings.

Regards.

Userlevel 7
Badge +4

Hello, @mit123456789 

You mention:

I have no idea why this Setup.exe exists in this folder

Let me explain why this setup exists in that folder.

The path :C:\Program Files(x86)\NSIS Uninstall Information\{32C8E300-BDB4-4398-92C2-E98B7D8A23.......}

It save your program uninstall information,  CyberLink Power Media Player use NSIS to create application installer package. so what‘s the reason why this folder exists. So I advices you uninstall the CyberLink Power Media Player first, It could check those two 7zip file whether is related to CyberLink Power Media Player installer package. Any questions you can reply here and @ to me

Regards.

Hello

I uninstalled CyberLink Power Media Player and rebooted my PC. 

The NSIS uninstall Information file was deleted.

I have reinstalled CyberLink Power Media Player again and checked the vulnerability again.

No vulnerabilities are showing up.

Thank you for the help.

Reply