7-zip vulnerability - update now!


Ghot

Ghot

Well-known member
Guru
VIP
Local time
2:40 AM
Posts
15,555
Location
PA, USA
OS
Win 11 Home ♦♦♦26100.3775 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider

 Older versions of 7-Zip allow malicious code execution.


www.zerodayinitiative.com

ZDI-24-1532

7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
www.zerodayinitiative.com www.zerodayinitiative.com

cybersecuritynews.com

Critical 7-Zip Vulnerability Let Attackers Execute Arbitrary Code

A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.
cybersecuritynews.com cybersecuritynews.com

A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.


The vulnerability tracked as CVE-2024-11477 has received a high CVSS score of 7.8, indicating significant security risks for users of affected versions.


The flaw specifically exists within the Zstandard decompression implementation, where improper validation of user-supplied data can result in an integer underflow before writing to memory.


This vulnerability enables attackers to execute arbitrary code in the context of the current process when users interact with malicious archives.
Click to expand...


7-zip download links

7-zip 24.08 scans clean locally and at Virtustotal...







______________________________________________________________________________________________________________________________

Credit goes to the... Panda. :-)

Z-Zip Vulnerabilty. Users should update now - Windows 10 Help Forums

November 25, 2024 Source: Critical 7-Zip Vulnerability Let Attackers Execute Arbitrary Code Mitigation and Fixes 7-Zip has addressed this security issue in version 24.07. Since the software lacks an integrated update mechanism, users must manually downloa
www.tenforums.com www.tenforums.com



@Brink
@z3r010
 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.3775 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5002)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
So... if you download anything with a .7z extension,
make sure to scan it at Virustotal.com, before opening it... with an older version of 7-zip.

Or... just download 7-zip version 24.08 and install it, and you're covered. :-)
 
Last edited:

My Computers

System One System Two

  • OS
    Win 11 Home ♦♦♦26100.3775 ♦♦♦♦♦♦♦24H2 ♦♦♦non-Insider
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® [May 2020]
    CPU
    AMD Ryzen 7 3700X
    Motherboard
    Asus Pro WS X570-ACE (BIOS 5002)
    Memory
    G.Skill (F4-3200C14D-16GTZKW)
    Graphics Card(s)
    EVGA RTX 2070 (08G-P4-2171-KR)
    Sound Card
    Realtek ALC1220P / ALC S1220A
    Monitor(s) Displays
    Dell U3011 30"
    Screen Resolution
    2560 x 1600
    Hard Drives
    2x Samsung 860 EVO 500GB,
    WD 4TB Black FZBX - SATA III,
    WD 8TB Black FZBX - SATA III,
    DRW-24B1ST CD/DVD Burner
    PSU
    PC Power & Cooling 750W Quad EPS12V
    Case
    Cooler Master ATCS 840 Tower
    Cooling
    CM Hyper 212 EVO (push/pull)
    Keyboard
    Ducky DK9008 Shine II Blue LED
    Mouse
    Logitech Optical M-100
    Internet Speed
    300/300
    Browser
    Firefox (latest)
    Antivirus
    Bitdefender Internet Security
    Other Info
    Speakers: Klipsch Pro Media 2.1
  • Operating System
    Windows XP Pro 32bit w/SP3
    Computer type
    PC/Desktop
    Manufacturer/Model
    Built by Ghot® (not in use)
    CPU
    AMD Athlon 64 X2 5000+ (OC'd @ 3.2Ghz)
    Motherboard
    ASUS M2N32-SLI Deluxe Wireless Edition
    Memory
    TWIN2X2048-6400C4DHX (2 x 1GB, DDR2 800)
    Graphics card(s)
    EVGA 256-P2-N758-TR GeForce 8600GT SSC
    Sound Card
    Onboard
    Monitor(s) Displays
    ViewSonic G90FB Black 19" Professional (CRT)
    Screen Resolution
    up to 2048 x 1536
    Hard Drives
    WD 36GB 10,000rpm Raptor SATA
    Seagate 80GB 7200rpm SATA
    Lite-On LTR-52246S CD/RW
    Lite-On LH-18A1P CD/DVD Burner
    PSU
    PC Power & Cooling Silencer 750 Quad EPS12V
    Case
    Generic Beige case, 80mm fans
    Cooling
    ZALMAN 9500A 92mm CPU Cooler
    Mouse
    Logitech Optical M-BT96a
    Keyboard
    Logitech Classic Keybooard 200
    Internet Speed
    300/300
    Browser
    Firefox 3.x ??
    Antivirus
    Symantec (Norton)
    Other Info
    Still assembled, still runs. Haven't turned it on for 15 years?
You must log in or register to reply here.

Similar threads

Solved 7-Zip vulnerability
Replies
8
Views
2K
jimbo45
jimbo45

Latest Support Threads

Latest Tutorials

Back
Top Bottom