Remote Code Execution Vulnerability in 7-Zip's Decompression Implementation

CVE-2024-11477

7.8 HIGH

Key Information

Vendor: 7-zip
Status
7-zip
Vendor
CVE Published: 22 November 2024

Badges

🥇 Trended No. 1 | 📈 Trended | 📈 Score: 16,200 | 👾 Exploit Exists | 🟡 Public PoC | 📰 News Worthy

What is CVE-2024-11477?

CVE-2024-11477 is a serious vulnerability in the 7-Zip file archiving software, specifically in its implementation of Zstandard decompression. 7-Zip is widely used for creating and extracting compressed files across various platforms. The vulnerability enables remote attackers to execute arbitrary code on affected installations, which could have dire consequences for organizations relying on 7-Zip for data handling and file management. Exploitation not only compromises system integrity but may also lead to unauthorized access to sensitive data and provide an entry point for further attacks.

Technical Details

The root cause of CVE-2024-11477 is an integer underflow during Zstandard decompression, resulting from inadequate validation of user-supplied data. An attacker can craft input data that triggers the underflow and thereby control memory write operations. This can lead to the execution of arbitrary code in the context of the affected application, effectively giving the attacker substantial control over the system.
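The class of bug described above, as an added illustration that is not 7-Zip's code and not part of the original page: a simplified, hypothetical LZ-style match copy in C, showing how an unsigned subtraction on a stream-supplied offset wraps and the validation that prevents it. All function names and the sample buffer are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified LZ-style "copy match" step (not 7-Zip's code).
 * out/cap/pos describe the output buffer; offset and len are read from
 * the untrusted compressed stream. */

/* Unchecked source index: when offset > pos the unsigned subtraction
 * wraps to a huge value instead of going negative. */
size_t match_src_unchecked(size_t pos, size_t offset)
{
    return pos - offset;
}

/* Hardened step: validate every stream-supplied value before using it in
 * arithmetic. Returns 0 on success, -1 if the sequence is malformed. */
int copy_match_checked(uint8_t *out, size_t cap, size_t *pos,
                       size_t offset, size_t len)
{
    if (*pos > cap)                   return -1; /* inconsistent state    */
    if (offset == 0 || offset > *pos) return -1; /* index would underflow */
    if (len > cap - *pos)             return -1; /* write would overrun   */

    size_t src = *pos - offset;       /* safe: offset <= *pos */
    for (size_t i = 0; i < len; i++)  /* byte-wise: ranges may overlap */
        out[*pos + i] = out[src + i];
    *pos += len;
    return 0;
}

int main(void)
{
    uint8_t buf[16] = "abcd";         /* constructed sample output so far */
    size_t pos = 4;
    /* Well-formed sequence: copy 4 bytes from 4 back. */
    if (copy_match_checked(buf, sizeof buf, &pos, 4, 4) != 0) return 1;
    if (memcmp(buf, "abcdabcd", 8) != 0) return 1;
    /* Malformed sequence: offset 9 exceeds the 8 bytes produced. */
    if (copy_match_checked(buf, sizeof buf, &pos, 9, 2) != -1) return 1;
    return 0;
}
```

The checks run before any subtraction, so a malformed sequence is rejected while the write position and buffer are still untouched.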

Impact of the Vulnerability

  1. Remote Code Execution: The most immediate impact of this vulnerability is the potential for remote code execution. Attackers can execute malicious code on vulnerable systems, leading to full system compromise.

  2. Data Theft and Unauthorized Access: Successful exploitation can lead to unauthorized access to sensitive files and data. An attacker may leverage the compromised system to exfiltrate confidential information, posing significant risks to organizational privacy and security.

  3. Propagation of Malware: The vulnerability provides a path for attackers to deploy malware or ransomware. Once they gain access to a system, they can utilize it as a launchpad for further attacks, potentially affecting interconnected systems and networks.

Affected Version(s)

7-Zip = 24.06

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

News Articles

WinRAR on Windows 11 gets faster, 7-Zip and NanaZip receive improvements too

WinRAR, 7-Zip and NanaZip have all received updates, which bring multiple improvements and bug fixes, including performance improvements.

3 weeks ago

Severe security vulnerability discovered in 7-Zip [CVE-2024-11477]

A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability...

4 weeks ago

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely.

1 month ago

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available

  • 🥇 Vulnerability reached the number 1 worldwide trending spot

  • 📈 Vulnerability started trending

  • 👾 Exploit known to exist

  • 📰 First article discovered by GBHackers News

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database, 1 Proof of Concept(s), 3 News Article(s)