Remote Code Execution Vulnerability in 7-Zip's Decompression Implementation
CVE-2024-11477
What is CVE-2024-11477?
CVE-2024-11477 is a critical remote code execution vulnerability in the 7-Zip file compression utility, specifically in its implementation of Zstandard decompression. The flaw arises from improper validation of user-supplied data, which leads to an integer underflow during decompression. It allows remote attackers to execute arbitrary code on affected systems, posing a dire threat to organizations that use 7-Zip for file management and compression tasks.
Exploiting CVE-2024-11477 requires an attacker to craft a compressed file that triggers the decompression flaw when 7-Zip processes it. If exploitation succeeds, malicious code executes in the context of the current process, potentially allowing the attacker to gain unauthorized access to the system or escalate privileges. Because 7-Zip is widely used across various sectors for file handling, the impact of this vulnerability may be substantial, endangering sensitive data and critical system integrity.
Potential impact of CVE-2024-11477
- Remote Code Execution: The most significant impact of CVE-2024-11477 is the potential for remote code execution, which enables attackers to run arbitrary code on vulnerable installations of 7-Zip. This could lead to unauthorized access, data breach, or system compromise.
- Data Integrity Threat: Successful exploitation can compromise the integrity of data handled by affected systems. Malicious actors may alter, delete, or exfiltrate sensitive information, which could severely disrupt business operations and result in financial loss.
- Supply Chain Risks: Organizations relying on 7-Zip may inadvertently become vectors for malware distribution, especially if malicious files are shared or exchanged. This vulnerability creates an avenue for broader attacks within an organization's supply chain, potentially affecting partners and customers connected through file-sharing practices.
Affected Version(s)
7-Zip 24.06
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
News Articles

WinRAR on Windows 11 gets faster, 7-Zip and NanaZip receive improvements too
WinRAR, 7-Zip and NanaZip have all received updates, which bring multiple improvements and bug fixes, including performance improvements.

Severe security vulnerability discovered in 7-Zip [CVE-2024-11477]
A severe security vulnerability has been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives. The vulnerability...

7-Zip RCE Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely.
EPSS Score
32% chance of being exploited in the next 30 days.
Timeline
- Public PoC available
- Vulnerability reached the number 1 worldwide trending spot
- Vulnerability started trending
- Exploit known to exist
- First article discovered by GBHackers News
- Vulnerability published
- Vulnerability reserved