CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now!

A high-severity vulnerability (CVE-2024-11477) has been discovered in the popular file archiver 7-Zip, potentially allowing attackers to execute malicious code on vulnerable systems.

The flaw, identified by Nicholas Zubrisky of Trend Micro Security Research, resides in the program’s Zstandard decompression function. Due to insufficient validation of user-supplied data, an integer underflow can occur, enabling attackers to execute arbitrary code within the affected process.

This vulnerability carries a CVSS score of 7.8, indicating a significant risk. Attackers could exploit this weakness by tricking users into opening specially crafted archive files. The consequences of successful exploitation could range from data theft to complete system compromise.

“Interaction with this library is required to exploit this vulnerability,” the security advisory states, “but attack vectors may vary depending on the implementation.”

Users are strongly urged to update to 7-Zip version 24.07 or later immediately. This latest release addresses the vulnerability and patches the integer underflow flaw.

Outdated software often contains vulnerabilities that can be exploited by malicious actors. Regularly updating software is a crucial step in maintaining a strong security posture and protecting against cyber threats.

Related Posts:

• 7-Zip Privilege Escalation Vulnerability
• 7-Zip Remote Code Execution Vulnerability
• WordPress Releases Urgent Security Patch – Update Immediately!
• WordPress Issues Urgent Security Update to Patch Multiple Vulnerabilities