Archive or Trojan horse? A critical vulnerability in 7-ZIP threatens millions of devices.

Man

The vulnerability can be exploited without the knowledge of users.

A vulnerability has been discovered in the 7-Zip file compression tool that could allow attackers to remotely execute malicious code through specially prepared archives. To fix the problem, the developers released an update that must be installed manually, since the program does not support automatic installation of updates.

The vulnerability, registered as CVE-2024-11477 with a CVSS severity score of 7.8, is due to insufficient validation of input data when processing files compressed using the Zstandard algorithm. This can lead to memory overflow and malicious code injection. Zstandard is widely used in systems such as Btrfs, SquashFS, and OpenZFS, as well as for HTTP compression, due to its high speed and compression efficiency.

Attackers can exploit the vulnerability by sending specially prepared archives to 7-Zip users, for example, via email or network shares. When opening such a file, malicious code may be injected.

The issue was identified by researchers at Trend Micro's Zero-Day Initiative in June 2024 and fixed in version 7-Zip 24.07. At the moment, the updated version 24.08 is available, which can be downloaded from the official website of the program. Users are advised to install the latest version or, if 7-Zip is not necessary, uninstall the program, as modern versions of Windows File Explorer support 7-Zip files by default.

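Because 7-Zip has no automatic updater, installed versions drift across a fleet. The following is an added example, not part of the original post: it triages a software inventory against the fixed release 24.07 named above, comparing versions numerically, since a string comparison would rank "9.20" above "24.07". The host names and the inventory format are constructed assumptions.

```python
import re

# Fixed release named in the post above. The post does not say which older
# versions are affected, so anything below it is flagged for update.
FIXED_VERSION = (24, 7)

# 7-Zip version strings look like "24.07", "9.20" or "21.00 alpha".
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)")


def parse_7zip_version(text):
    """Return (major, minor) as integers, or None if the string is unparseable."""
    match = _VERSION_RE.match(text or "")
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def classify(version_text):
    """Classify one reported version as 'patched', 'below_fix' or 'unknown'."""
    parsed = parse_7zip_version(version_text)
    if parsed is None:
        return "unknown"  # fail closed: a human should look at this host
    return "patched" if parsed >= FIXED_VERSION else "below_fix"


def triage(inventory):
    """Map each status to the sorted list of hosts reporting it."""
    report = {"patched": [], "below_fix": [], "unknown": []}
    for host, version_text in inventory.items():
        report[classify(version_text)].append(host)
    return {status: sorted(hosts) for status, hosts in report.items()}


# Constructed sample inventory (hypothetical host names, not real data).
SAMPLE_INVENTORY = {
    "ws-001": "24.08",
    "ws-002": "24.07",
    "ws-003": "24.06",
    "ws-004": "9.20",         # a string comparison would rank this above "24.07"
    "ws-005": "21.00 alpha",  # pre-release suffix is ignored
    "ws-006": "",             # agent returned nothing
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```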