7-Zip vulnerability

A security vulnerability in 7-Zip allows remote attackers to bypass defenses and execute malicious code via specially crafted archives. Read this Cybersecurity Threat Advisory to learn how to mitigate your risk from this new threat. 

The vulnerability exists within the Zstandard decompression implementation where improper validation of data can result in an integer underflow before writing to the memory. This vulnerability is incredibly easy to exploit. Threat actors can exploit any specific flaw in the implementation of the program's Zstandard decompression, upon which the validation of user-supplied data can then be leveraged to execute code on the user's machine. 

​While CVE-2024-11477 likely requires user interaction, such as opening a file, attackers can use the compromised archives to install malware on the victim's PC. Once inside, attackers can convince users to open specially crafted archives and leverage them to spread malware further through emails or shared files.

7-Zip requires users to manually update the app. This means the effect of the vulnerability may linger until users updates their app. Anyone who uses 24.07 or earlier versions of 7-Zip are potentially compromised because of this vulnerability.

 LBT Technology Group strongly recommends users to take these 6action to defend against this threat:

• Update 7-Zip app to 24.08 or later versions.
• Educate users to be vigilant and exercise caution when opening files with 7-zip. If they weren't expecting a zip file or don't recognize the sender, they should contact the IT department to verify for any malicious activity.
• Apply input validation, especially when processing data from potentially untrusted sources.

 For more in-depth information about the recommendations, please visit the following links:

• https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
• https://www.yahoo.com/tech/popular-windows-utility-zip-files-225158967.html

If you have any questions, please contact LBT's Sales Engineer.