CVE-2025-0411: 7-Zip Remote Code Execution Security Vulnerability

A recently disclosed vulnerability in the popular file archiving software 7-Zip (CVE-2025-0411) allows remote attackers to bypass Windows' Mark-of-the-Web (MOTW) protection mechanism, potentially executing arbitrary code on affected systems.

Description:

Security researchers have discovered a vulnerability in the popular file archiving program 7-Zip that allows attackers to bypass Windows' security defenses with malware. The vulnerability is tracked as CVE-2025-0411 and has a CVSS rating of 7.0 (high). An attacker could use it to bypass the Windows "Mark-of-the-Web" (MOTW) security feature, an important security mechanism used to mark files downloaded from the Internet. This marking warns users that the file may be dangerous and triggers security measures such as Protected View in Microsoft Office, making it more difficult for malicious code to execute.

Vulnerability details:

This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected 7-Zip installations. To exploit this vulnerability, user interaction is required, i.e. the target must visit a malicious page or open a malicious file.
The specific flaw exists in the handling of archive files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.

Impact of the vulnerability:

The vulnerability affects all versions of 7-Zip up to version 24.07. Users are strongly advised to update to version 24.09, which resolves the issue and ensures that the MOTW flag is correctly propagated to extracted files.

Disclosure timeline:

October 1, 2024: the vulnerability was reported to the vendor.
January 19, 2025: coordinated public disclosure and release of patches.

Remediation recommendations:

Update the software: users should immediately upgrade to 7-Zip version 24.09 or later.

Exercise caution: avoid opening files from unknown or untrusted sources.
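
A defender-side check for the points above, as an added example that is not part of the original article: it flags 7-Zip versions below 24.09 and lists extracted files that did not inherit the Internet-zone mark carried by their source archive. The function names, the injectable `reader` parameter and the sample stream text are assumptions made for illustration; the `Zone.Identifier` stream can only be read on Windows/NTFS.

```python
import configparser
import os
import re

FIXED = (24, 9)  # 24.09, the fixed release named in the advisory
# Constructed sample of a Zone.Identifier stream (ZoneId 3 = Internet zone).
SAMPLE_STREAM = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://example.test/a%20b.7z\r\n"

def is_affected(version_text):
    """True if a 7-Zip version string such as '24.07' is below 24.09."""
    m = re.match(r"\s*(\d+)\.(\d+)", version_text)
    if not m:
        raise ValueError(f"unrecognised version: {version_text!r}")
    return (int(m.group(1)), int(m.group(2))) < FIXED

def zone_id(stream_text):
    """Return ZoneId from Zone.Identifier stream text, or None if absent/invalid."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        cp.read_string(stream_text)
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_motw(path):
    """Read the file's Zone.Identifier alternate data stream (Windows/NTFS only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8-sig", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def unmarked_files(archive, extracted_dir, reader=read_motw):
    """If the archive is marked Internet zone or stricter, list extracted files
    that did not inherit the mark. `reader` is injectable for offline testing."""
    src = zone_id(reader(archive))
    if src is None or src < 3:
        return []  # archive carries no Internet (3) / Restricted (4) mark
    missing = []
    for root, _dirs, files in os.walk(extracted_dir):
        for name in files:
            path = os.path.join(root, name)
            mark = zone_id(reader(path))
            if mark is None or mark < 3:
                missing.append(path)
    return sorted(missing)
```

A non-empty result from `unmarked_files` for an archive downloaded from the Internet indicates that the extraction tool dropped the mark, which is the behaviour version 24.09 corrects.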

Original article by Chief Security Officer. If reproduced, please credit https://cncso.com/en/7-zip-remote-code-execution-vulnerability-html
