Cyber Security News

New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’

A purported zero-day vulnerability in the popular file compression tool 7-Zip has been published by an anonymous X user who claims to be an NSA employee.

The post, made on X (formerly Twitter), describes what is claimed to be a severe flaw which, if genuine, would have far-reaching implications for individual users and organizations globally.

GBHackers recently reported that a severe security vulnerability had been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.

Vulnerability Details and Impact

According to the post, the vulnerability lies in 7-Zip’s LZMA decoder and would allow attackers to execute code on a victim’s machine simply by having them open or extract a crafted .7z file.

“This zero-day flaw lies in the LZMA decoder of 7-Zip and leverages a malformed LZMA stream to trigger a buffer overflow in the RC_NORM function.”

“By manipulating buffer pointers and aligning payloads, attackers can execute shellcode, culminating in arbitrary code execution.”

Security experts warn that such an exploit would be particularly devastating when combined with infostealer malware: attackers currently ship infostealers inside password-protected archives so that mail and endpoint scanners cannot inspect the payload, and a decoder exploit that fires on open would remove the need for that step (and for the victim to type a password) while still keeping the payload compressed and opaque to scanners.

“This vulnerability represents a significant shift in how threat actors could distribute malware. The simplicity of the attack vector, requiring only that a user open a .7z file, makes it particularly dangerous.”

Particularly concerning is the vulnerability’s potential impact on supply chain security. Many organizations run automated pipelines (mail gateways, build and CI systems, file-ingestion services) that extract archives with no human in the loop, so a .7z file that compromised the decoder on extraction would compromise those systems at scale and with the privileges of the extracting service. Companies that routinely accept third-party .7z files in their operations are especially at risk.

The cybersecurity community has responded swiftly to the disclosure, with experts recommending immediate protective measures:

  • Patch When Available: No patch for the claimed 7-Zip vulnerability has been released. Users and organizations should monitor 7-Zip’s official channels for updates and apply them as soon as they appear.
  • Mitigation Strategies: Treat third-party archives as untrusted input. Validate their structure and extract them only in an isolated, low-privilege sandbox (a disposable container or VM with no network and no access to production data) before anything downstream processes the contents.
  • Awareness Training: Train users not to open unsolicited or suspicious archive files, which reduces the exposure of the interactive, double-click path.
  • Community Vigilance: Cybersecurity researchers and professionals should work together to verify the claim and address any threat that emerges from it.
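The “scrutinize before processing” advice above can be made concrete. The following is an added example, not code from the article, from the quoted post or from the 7-Zip project: a stdlib-only Python pre-check that validates the fixed 32-byte signature header of a .7z file (magic bytes, format version, start-header CRC, and whether the “next header” it points to actually lies inside the file with a matching CRC) before an automated pipeline hands the file to 7-Zip. It does not parse the compressed LZMA stream and makes no claim about the alleged flaw; it simply rejects truncated or tampered containers cheaply, before the real decoder ever runs. The sample archive it builds is a constructed test fixture, not an extractable archive, and the helper names are the example’s own.

```python
"""Pre-screen a .7z file's fixed signature header before handing it to an extractor.

Added example, not code from the article or from the 7-Zip project. It validates
only the 32-byte signature header that every 7z container starts with (magic,
version, start-header CRC, and whether the 'next header' it points to actually
lies inside the file with a matching CRC). It does not parse the compressed
LZMA stream and makes no claim about any specific vulnerability; it is a cheap
structural sanity check to run, ideally inside a sandbox, before extraction.
"""
import struct
import zlib

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"   # first six bytes of every 7z archive
SIGNATURE_HEADER_LEN = 32                 # magic(6) + version(2) + CRC(4) + start header(20)


def check_7z_signature_header(data: bytes) -> list:
    """Return a list of problems found in the signature header; empty means it looks sane."""
    problems = []
    if len(data) < SIGNATURE_HEADER_LEN:
        return ["file shorter than the 32-byte 7z signature header"]
    if data[:6] != SEVEN_ZIP_MAGIC:
        problems.append("missing 7z magic bytes")
    major = data[6]
    if major != 0:
        problems.append("unexpected major format version %d" % major)
    (stored_start_crc,) = struct.unpack_from("<I", data, 8)
    # Start header: next-header offset (u64), next-header size (u64), next-header CRC (u32).
    next_offset, next_size, next_crc = struct.unpack_from("<QQI", data, 12)
    computed_start_crc = zlib.crc32(data[12:32])
    if computed_start_crc != stored_start_crc:
        problems.append("start header CRC mismatch: stored 0x%08x, computed 0x%08x"
                        % (stored_start_crc, computed_start_crc))
    # The next header sits at SIGNATURE_HEADER_LEN + next_offset; it must fit inside the file.
    next_start = SIGNATURE_HEADER_LEN + next_offset
    next_end = next_start + next_size
    if next_end > len(data):
        problems.append("next header extends past end of file")
    elif next_size and zlib.crc32(data[next_start:next_end]) != next_crc:
        problems.append("next header CRC mismatch")
    return problems


def build_sample_archive(packed: bytes, next_header: bytes) -> bytes:
    """Constructed sample for testing: wrap arbitrary bytes in a well-formed signature header.

    This is not a complete, extractable 7z archive; it only exercises the header checks.
    """
    start_header = struct.pack("<QQI", len(packed), len(next_header), zlib.crc32(next_header))
    return (SEVEN_ZIP_MAGIC + bytes([0, 4]) + struct.pack("<I", zlib.crc32(start_header))
            + start_header + packed + next_header)


if __name__ == "__main__":
    good = build_sample_archive(packed=b"\x00" * 8, next_header=b"\x01\x00")
    print("well-formed:", check_7z_signature_header(good))
    corrupted = bytearray(good)
    corrupted[12] ^= 0xFF   # tamper with the low byte of the next-header offset
    print("tampered:", check_7z_signature_header(bytes(corrupted)))
```

In a pipeline this check runs first and any non-empty result quarantines the file; a clean result is not a guarantee of safety, only a reason to let the sandboxed extractor proceed. Flipping a single byte of the start header, as the demo does, trips both the CRC comparison and the bounds check, which is exactly the kind of malformed container a fuzzer or an attacker would produce.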

Adding to the concern, the same anonymous source has indicated plans to release another zero-day vulnerability targeting MyBB forum software, potentially threatening countless online communities’ security.

As of publication, no official patch has been released for the claimed 7-Zip vulnerability, and the software’s development team has not yet publicly commented on the disclosure.

Organizations and users are advised to monitor 7-Zip’s official channels for security updates and to apply the mitigations above in the meantime.

“This is a critical moment for cybersecurity professionals. The combination of a widely-used tool like 7-Zip and the simplicity of exploitation makes this vulnerability particularly concerning.”

Security researchers continue to analyze the claim while awaiting an official response from 7-Zip’s development team; until that response or a patch arrives, users and organizations should treat untrusted .7z files with caution and keep the mitigations above in place.

Update:

We have learned that Igor Pavlov, the creator of 7-Zip, dismissed the claims in the 7-Zip discussion forum’s bugs section, stating: “This report on Twitter is fake. I don’t understand why this Twitter user made such a claim. There is no ACE vulnerability in 7-Zip / LZMA.”

The @NSA_Employee39 account did not respond immediately to requests for comment on social media.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
