A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.
The vulnerability tracked as CVE-2024-11477 has received a high CVSS score of 7.8, indicating significant security risks for users of affected versions.
The flaw specifically exists within the Zstandard decompression implementation, where improper validation of user-supplied data can result in an integer underflow before writing to memory.
This vulnerability enables attackers to execute arbitrary code in the context of the current process when users interact with malicious archives.
According to Nicholas Zubrisky of Trend Micro Security Research, attackers can exploit this vulnerability by convincing users to open carefully prepared archives, which could be distributed through email attachments or shared files.
Leveraging 2024 MITRE ATT&CK Results for SME & MSP Cybersecurity Leaders – Attend Free Webinar
The Zstandard format, particularly prevalent in Linux environments, is commonly used in various file systems, including Btrfs, SquashFS, and OpenZFS.
The vulnerability poses significant risks as it allows attackers to:
- Execute arbitrary code on affected systems
- Gain the same access rights as logged-in users
- Potentially achieve complete system compromise
Mitigation and Fixes
7-Zip has addressed this security issue in version 24.07. Since the software lacks an integrated update mechanism, users must manually download and install the latest version to protect their systems. IT administrators and software developers who implement 7-Zip in their products should immediately update their installations to the patched version.
The vulnerability was initially reported to 7-Zip in June 2024, with the coordinated public disclosure occurring on November 20, 2024. Security experts emphasize the importance of prompt patching, as the vulnerability requires minimal technical expertise to exploit, though no known malware is currently targeting this flaw.
This incident highlights the critical importance of input validation in application security, particularly when processing data from potentially untrusted sources. Organizations and individuals using 7-Zip or products that incorporate its functionality should prioritize updating to the latest version to maintain system security.
Are you from SOC/DFIR Teams? – Analyse Malware & Phishing with ANY.RUN -> Try for Free