The Information Highway

7-Zip vulnerability

Threat update

A security vulnerability in 7-Zip allows remote attackers to bypass defenses and execute malicious code via specially crafted archives. Read this Cybersecurity Threat Advisory to learn how to mitigate your risk from this new threat. 

Technical Detail and Additional Info

What is the threat?

The vulnerability exists within 7-Zip's Zstandard decompression implementation, where improper validation of user-supplied data can result in an integer underflow before a write to memory. This vulnerability is incredibly easy to exploit. Threat actors can use a specially crafted archive to trigger the flaw and leverage it to execute code on the user's machine.

Why is it noteworthy?

While CVE-2024-11477 likely requires user interaction, such as opening a file, attackers can use the compromised archives to install malware on the victim's PC. Once inside, attackers can convince users to open specially crafted archives and leverage them to spread malware further through emails or shared files.

What is the exposure or risk?

7-Zip requires users to manually update the app. This means the effect of the vulnerability may linger until users update their app. Anyone who uses 24.07 or earlier versions of 7-Zip is potentially compromised because of this vulnerability.

What are the recommendations?

LBT Technology Group strongly recommends that users take these actions to defend against this threat:

  • Update the 7-Zip app to version 24.08 or later.
  • Educate users to be vigilant and exercise caution when opening files with 7-Zip. If they weren't expecting a zip file or don't recognize the sender, they should contact the IT department to check for any malicious activity.
  • Apply input validation, especially when processing data from potentially untrusted sources.
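
The integer underflow described under "What is the threat?" and the input-validation recommendation above can be illustrated with a small added example. This is not code from 7-Zip or from this advisory: the record format, function names and sample bytes are constructed for illustration only.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy record format, constructed for this example (not Zstandard, not 7-Zip):
 *   byte 0       : header length H (counts itself)
 *   bytes 1..2   : total record length T, little-endian (header + payload)
 *   bytes H..T-1 : payload */
#define MIN_HEADER 3u

/* Unchecked length math: T - H on unsigned types wraps around when the
 * record declares T < H, producing a huge "payload length". */
size_t payload_len_unchecked(const uint8_t *rec)
{
    size_t hdr = rec[0];
    size_t total = (size_t)rec[1] | ((size_t)rec[2] << 8);
    return total - hdr;                     /* underflows if total < hdr */
}

/* Hardened: validate every untrusted field before subtracting, then bound
 * the result by both the input size and the output capacity.
 * Returns the payload length, or -1 if the record is malformed. */
long copy_payload_checked(const uint8_t *rec, size_t rec_len,
                          uint8_t *dst, size_t dst_cap)
{
    if (rec == NULL || dst == NULL || rec_len < MIN_HEADER)
        return -1;
    size_t hdr = rec[0];
    size_t total = (size_t)rec[1] | ((size_t)rec[2] << 8);
    if (hdr < MIN_HEADER || total < hdr)    /* subtraction would underflow */
        return -1;
    if (total > rec_len || total - hdr > dst_cap)
        return -1;                          /* over-read or over-write */
    memcpy(dst, rec + hdr, total - hdr);
    return (long)(total - hdr);
}

/* Constructed sample records. */
static const uint8_t GOOD_REC[] = { 3, 7, 0, 'd', 'a', 't', 'a' };
static const uint8_t BAD_REC[]  = { 8, 4, 0, 'x' };    /* T=4 < H=8 */

int main(void)
{
    uint8_t out[16];
    printf("unchecked length, bad record: %zu\n", payload_len_unchecked(BAD_REC));
    printf("checked, good record: %ld\n", copy_payload_checked(GOOD_REC, sizeof GOOD_REC, out, sizeof out));
    printf("checked, bad record:  %ld\n", copy_payload_checked(BAD_REC, sizeof BAD_REC, out, sizeof out));
    return 0;
}
```

The unchecked function only returns the wrapped length and never writes with it, so the example is safe to run; the checked function rejects the malformed record before any copy takes place.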

If you have any questions, please contact LBT's Sales Engineer.

