
Cybersecurity Threat Advisory

A security vulnerability in 7-Zip allows remote attackers to bypass defenses and execute malicious code via specially crafted archives. Read this Cybersecurity Threat Advisory to learn how to mitigate your risk from this new threat.

What is the threat?

The vulnerability exists within the Zstandard decompression implementation, where improper validation of data can result in an integer underflow before writing to memory. This vulnerability is incredibly easy to exploit. Threat actors can exploit the flaw in the program’s Zstandard decompression, where the improper validation of user-supplied data can be leveraged to execute code on the user’s machine.

Why is it noteworthy?

While CVE-2024-11477 likely requires user interaction, such as opening a file, attackers can use the compromised archives to install malware on the victim’s PC. Once inside, attackers can convince users to open specially crafted archives and leverage them to spread malware further through emails or shared files.

What is the exposure or risk?

7-Zip requires users to manually update the app. This means the effect of the vulnerability may linger until users update their app. Anyone who uses 7-Zip 24.07 or an earlier version is potentially compromised because of this vulnerability.

What are the recommendations?

Barracuda strongly recommends that users take these actions to defend against this threat:

  • Update the 7-Zip app to version 24.08 or later.
  • Educate users to be vigilant and exercise caution when opening files with 7-Zip. If they weren’t expecting a zip file or don’t recognize the sender, they should contact the IT department to check for any malicious activity.
  • Apply input validation, especially when processing data from potentially untrusted sources.
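
Because 7-Zip does not update itself, the first recommendation usually starts with finding which hosts still run 24.07 or earlier. The sketch below is an added example, not code from Barracuda or the 7-Zip project; it assumes a software inventory exported as CSV with hypothetical `host`, `name` and `version` columns, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED = (24, 8)  # per the advisory: 24.07 and earlier affected, 24.08+ fixed

# Constructed sample inventory export; hosts and rows are not real data.
SAMPLE_INVENTORY = """host,name,version
ws-001,7-Zip 24.07 (x64),24.07
ws-002,7-Zip 24.08 (x64),24.08
ws-003,7-Zip 23.01 (x64 edition),23.01.00.0
ws-004,7-Zip 9.20,9.20
ws-005,7-Zip,
ws-006,Notepad++ (64-bit x64),8.6.9
ws-007,7-Zip 24.09 (x64),
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor) from '24.07', '23.01.00.0' or
    '7-Zip 24.07 (x64)'; None when no version number is present."""
    m = VERSION_RE.search(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(name, version):
    """Prefer the version column; fall back to the product name."""
    v = parse_version(version) or parse_version(name)
    if v is None:
        return "unknown"  # needs a manual check, do not assume patched
    return "vulnerable" if v < FIXED else "patched"

def audit(inventory_csv):
    """Map each host with a 7-Zip entry to vulnerable/patched/unknown."""
    findings = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["name"].lower().startswith("7-zip"):
            continue  # unrelated software
        findings[row["host"]] = classify(row["name"], row["version"])
    return findings

if __name__ == "__main__":
    for host, status in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `unknown` have a 7-Zip entry with no readable version and should be checked by hand rather than counted as patched.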

If you have any questions about this Cybersecurity Threat Advisory, please contact Barracuda XDR’s Security Operations Center.



Posted by Zachary Beaudet

Zachary is a Cybersecurity Analyst at Barracuda MSP. He's a security expert, working on our Blue Team within our Security Operations Center. Zachary supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
