A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee.
The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implications for both individual users and organizations globally.
GBHackers recently reported that a severe security vulnerability had been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.
Vulnerability Details and Impact
The newly discovered vulnerability targets 7-Zip’s LZMA decoder, allowing attackers to execute malicious code on victims’ machines simply by having them open or extract compromised .7z files.
“This zero-day flaw lies in the LZMA decoder of 7-Zip and leverages a malformed LZMA stream to trigger a buffer overflow in the RC_NORM function.”
“By manipulating buffer pointers and aligning payloads, attackers can execute shellcode, culminating in arbitrary code execution.”
Security experts warn that this exploit could be particularly devastating when combined with infostealer malware, as it eliminates the need for traditional password-protected archive files in attack scenarios.
“This vulnerability represents a significant shift in how threat actors could distribute malware. The simplicity of the attack vector, requiring only that a user open a .7z file, makes it particularly dangerous.”
Particularly concerning is the vulnerability’s potential impact on supply chain security. Many organizations utilize automated systems for processing archived files, potentially creating a perfect storm for widespread compromise if exploited. Companies that regularly handle third-party .7z files in their operations are especially at risk.
The cybersecurity community has responded swiftly to the disclosure, with experts recommending immediate protective measures:
- Patch Immediately: No patch for the 7-Zip vulnerability has been released yet, so users and organizations are advised to stay vigilant, monitor for updates, and apply them as soon as they become available.
- Mitigation Strategies: Organizations should enforce strict controls, such as scrutinizing and sandboxing third-party files before they are processed, to minimize exposure.
- Awareness Training: Train users to recognize and avoid opening unsolicited or suspicious archive files to reduce the risk of exploitation.
- Community Vigilance: Cybersecurity researchers and professionals should work together to investigate and address emerging threats associated with this vulnerability.
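The second recommendation above, scrutinizing third-party archives before an automated pipeline processes them, can be made concrete with a small intake gate. The following is an added example written for this article, not code from GBHackers, 7-Zip or the anonymous poster. It assumes a hypothetical intake pipeline in which untrusted .7z files are inspected as raw bytes and only handed to the real extractor (in a sandbox, via a hook this example does not implement) once the file's size, signature and start-header CRC check out. The 7z signature bytes and start-header layout are the documented ones from the 7z format; the size limit and the sample archive header are constructed values.

```python
"""Intake gate for third-party .7z files (added example, not from the article).

Checks performed before any decoder touches the file:
  1. size cap (policy value, constructed for this example)
  2. 7z signature bytes
  3. start-header CRC32 and next-header bounds from the 7z format
Files failing any check are marked for quarantine instead of extraction.
"""
import hashlib
import zlib
from dataclasses import dataclass

SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # documented 7z signature
START_HEADER_LEN = 32                     # 6 magic + 2 version + 4 CRC + 20 start header
MAX_ARCHIVE_BYTES = 50 * 1024 * 1024      # constructed policy limit for this example


@dataclass
class IntakeDecision:
    accepted: bool   # True -> safe to hand to the sandboxed extractor
    reason: str      # human-readable explanation for the audit log
    sha256: str      # digest recorded whether or not the file is accepted


def inspect_archive_bytes(data: bytes, max_bytes: int = MAX_ARCHIVE_BYTES) -> IntakeDecision:
    """Return an IntakeDecision for an untrusted blob claimed to be a .7z archive."""
    digest = hashlib.sha256(data).hexdigest()

    if len(data) > max_bytes:
        return IntakeDecision(False, "exceeds size limit", digest)
    if not data.startswith(SEVENZIP_MAGIC):
        return IntakeDecision(False, "not a 7z archive (signature mismatch)", digest)
    if len(data) < START_HEADER_LEN:
        return IntakeDecision(False, "truncated 7z start header", digest)

    major = data[6]  # format version major byte; 0 for every 7z archive seen in practice
    if major != 0:
        return IntakeDecision(False, f"unexpected 7z format version {major}.{data[7]}", digest)

    # Bytes 8..11: CRC32 over the 20-byte start header that follows (bytes 12..31).
    declared_crc = int.from_bytes(data[8:12], "little")
    start_header = data[12:32]
    if zlib.crc32(start_header) & 0xFFFFFFFF != declared_crc:
        return IntakeDecision(False, "start header CRC mismatch", digest)

    # Start header: NextHeaderOffset (8), NextHeaderSize (8), NextHeaderCRC (4).
    next_offset = int.from_bytes(start_header[0:8], "little")
    next_size = int.from_bytes(start_header[8:16], "little")
    if START_HEADER_LEN + next_offset + next_size > len(data):
        return IntakeDecision(False, "next header lies outside the file", digest)

    return IntakeDecision(True, "structural checks passed", digest)


def build_minimal_7z_header() -> bytes:
    """Constructed sample: a structurally valid 32-byte 7z file with an empty next header."""
    start_header = (0).to_bytes(8, "little") + (0).to_bytes(8, "little") + (0).to_bytes(4, "little")
    crc = zlib.crc32(start_header) & 0xFFFFFFFF
    return SEVENZIP_MAGIC + b"\x00\x04" + crc.to_bytes(4, "little") + start_header


if __name__ == "__main__":
    sample = build_minimal_7z_header()
    print(inspect_archive_bytes(sample))
    corrupted = bytearray(sample)
    corrupted[12] ^= 0xFF  # damage the start header so the CRC no longer matches
    print(inspect_archive_bytes(bytes(corrupted)))
    print(inspect_archive_bytes(b"PK\x03\x04" + b"\x00" * 40))  # a ZIP, not a 7z
```

The point of the gate is not to detect a specific exploit (this article gives no verifiable detail to detect) but to keep malformed or mislabeled archives away from the production decoder entirely: anything rejected here is quarantined with its hash logged, and anything accepted still goes to an isolated extractor rather than the host that runs the pipeline.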
Adding to the concern, the same anonymous source has indicated plans to release another zero-day vulnerability targeting MyBB forum software, potentially threatening countless online communities’ security.
As of publication, no official patch has been released for the 7-Zip vulnerability. The software’s development team has not yet publicly commented on the disclosure.
Organizations and users are advised to monitor official channels for security updates and implement recommended mitigation strategies immediately.
“This is a critical moment for cybersecurity professionals. The combination of a widely-used tool like 7-Zip and the simplicity of exploitation makes this vulnerability particularly concerning.”
Security experts worldwide continue to analyze the exploit’s implications while awaiting an official response from 7-Zip’s development team.
Users and organizations are strongly advised to stay vigilant and implement recommended security measures until a patch becomes available.
Update:
We have learned that Igor Pavlov, the creator of 7-Zip, dismissed the claims in the 7-Zip discussion forum’s bugs section, stating: “This report on Twitter is fake. I don’t understand why this Twitter user made such a claim. There is no ACE vulnerability in 7-Zip / LZMA.”
The @NSA_Employee39 account did not respond immediately to requests for comment on social media.