Serious vulnerability in 7-Zip allows remote code execution: are you protected?

  • A critical vulnerability affects 7-Zip versions prior to 24.07, allowing attackers to execute arbitrary code.
  • The flaw lies in the implementation of Zstandard decompression, causing an integer overflow.
  • Users must manually update to 7-Zip 24.08 to avoid risks as the tool lacks automatic updates.
  • Opening suspicious files can be used as an attack vector, highlighting the need for caution.

Vulnerability in 7-zip

A new vulnerability puts 7-Zip, one of the most widely used file compression applications worldwide, in the crosshairs. This software, with a long history of trust across multiple operating systems, has been identified as vulnerable to attacks that could compromise both personal devices and corporate networks.

This vulnerability, registered as CVE-2024-11477, affects all versions prior to 7-Zip 24.07 and allows attackers to execute malicious code. The issue lies in the Zstandard decompression module, where improper data validation can lead to an integer overflow, creating a loophole that facilitates unauthorized access to the system.

Technical causes behind the vulnerability

The flaw is in the Zstandard decompression library, a key component that is especially popular on Linux systems, as it is compatible with Btrfs, SquashFS, and OpenZFS. Exploitation relies on files specially crafted to trigger this weakness. When a user interacts with such a file, the attacker can execute code in the context of the current user, potentially compromising entire systems.

According to reports from Trend Micro Security and its Zero Day Initiative (ZDI), this vulnerability was discovered in June 2024 and received a CVSS rating of 7.8, classifying it as a high-severity threat. Although it requires user interaction, such as opening a file, the risk is high because these files are easily reached through emails or shared files.

Impact on users and mitigation measures

The seriousness of this flaw lies in the large user base of 7-Zip, which includes both individuals and companies that rely on this tool to manage large volumes of data. Despite the release of a patch in version 24.07 and a subsequent improvement in 24.08, many users are unaware of the problem due to the lack of an automatic update system in 7-Zip.

Security experts advise manually updating the software to the latest available version to close this vulnerability. Developers responsible for products that integrate 7-Zip into their systems should also proceed immediately with updated implementations.

Recommendations to protect yourself

The current situation highlights the importance of taking preventive measures. Here are some practical steps:

  • Upgrade to 7-Zip version 24.08 through its official website.
  • Avoid opening compressed files from unreliable sources.
  • Uninstall older versions if their use is not absolutely necessary.
  • Complement your security with good antivirus software to detect possible additional threats, although this point may not be so necessary on Linux.

In addition, organizations are advised to review their file management systems and run awareness campaigns on the risks associated with handling compressed files.
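
Because 7-Zip does not update itself, the first step is finding out which version is actually installed. The script below is an added example, not code from 7-Zip or from the original article: it reads the banner printed by the 7-Zip command-line tools and compares the version against 24.07. The binary names (`7z`, `7za`, `7zr`, `7zz`), the banner layout and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag 7-Zip command-line binaries older than the fixed release.
# The article states that versions prior to 24.07 are affected.
FIXED_MAJOR=24
FIXED_MINOR=7

# Print "MAJOR.MINOR" from banner text such as (constructed samples):
#   7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20
#   7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
banner_version() {
    printf '%s\n' "$1" |
        sed -n 's/^7-Zip.* \([0-9][0-9]*\.[0-9][0-9]*\) .*/\1/p' | head -n 1
}

# Succeed (exit 0) when version $1 is older than FIXED_MAJOR.FIXED_MINOR.
is_vulnerable() {
    major=${1%%.*}
    minor=${1#*.}
    minor=${minor#0}; minor=${minor:-0}   # "07" -> 7, plain decimal compare
    if [ "$major" -lt "$FIXED_MAJOR" ]; then return 0; fi
    if [ "$major" -eq "$FIXED_MAJOR" ] && [ "$minor" -lt "$FIXED_MINOR" ]; then
        return 0
    fi
    return 1
}

# Map banner text to "vulnerable X.Y", "patched X.Y" or "unknown".
classify_banner() {
    v=$(banner_version "$1")
    if [ -z "$v" ]; then echo "unknown"
    elif is_vulnerable "$v"; then echo "vulnerable $v"
    else echo "patched $v"
    fi
}

# Check every 7-Zip CLI name found on PATH (the names are assumptions).
scan_installed() {
    found=0
    for bin in 7z 7za 7zr 7zz; do
        loc=$(command -v "$bin" 2>/dev/null) || continue
        found=1
        banner=$("$bin" </dev/null 2>/dev/null | head -n 5) || true
        echo "$loc: $(classify_banner "$banner")"
    done
    if [ "$found" -eq 0 ]; then echo "no 7-Zip command-line binary on PATH"; fi
    return 0
}

scan_installed
```

The check only sees binaries on `PATH`; copies of 7-Zip bundled inside other products need to be inventoried separately. A distribution package may also carry a backported fix while still reporting an older upstream version number, so treat a "vulnerable" result as a prompt to check the package changelog.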

The 7-Zip vulnerability serves as a reminder about the importance of adopting good cybersecurity practices. From regularly updating apps to being wary of unknown files, small steps can make all the difference in keeping your data and devices safe from cyberattacks.

