Cyber Security News

New 7-Zip 0-Day Exploit Allegedly Leaked Online Via ‘X’

A previously unknown zero-day vulnerability in the popular file compression tool 7-Zip has been publicly disclosed by an anonymous user claiming to be an NSA employee.

The disclosure, made on X (formerly Twitter), reveals a severe security flaw that could have far-reaching implications for both individual users and organizations globally.

GBHackers recently reported that a severe security vulnerability had been discovered in 7-Zip, the popular file compression utility, allowing remote attackers to execute malicious code through specially crafted archives.

Vulnerability Details and Impact

The newly discovered vulnerability targets 7-Zip’s LZMA decoder, allowing attackers to execute malicious code on victims’ machines simply by having them open or extract compromised .7z files.

“This zero-day flaw lies in the LZMA decoder of 7-Zip and leverages a malformed LZMA stream to trigger a buffer overflow in the RC_NORM function.”

“By manipulating buffer pointers and aligning payloads, attackers can execute shellcode, culminating in arbitrary code execution.”

Security experts warn that this exploit could be particularly devastating when combined with infostealer malware, as it eliminates the need for traditional password-protected archive files in attack scenarios.

“This vulnerability represents a significant shift in how threat actors could distribute malware,

“The simplicity of the attack vector—requiring only that a user open a .7z file—makes it particularly dangerous.”

Particularly concerning is the vulnerability’s potential impact on supply chain security. Many organizations utilize automated systems for processing archived files, potentially creating a perfect storm for widespread compromise if exploited. Companies that regularly handle third-party .7z files in their operations are especially at risk.

The cybersecurity community has responded swiftly to the disclosure, with experts recommending immediate protective measures:

  • Patch Immediately: No patch for the 7-Zip vulnerability has been released yet; users and organizations are advised to stay vigilant, monitor for updates, and apply them as soon as they become available.
  • Mitigation Strategies: Organizations should enforce strict controls, such as scrutinizing and sandboxing third-party files before they are processed, to minimize exposure.
  • Awareness Training: Train users to recognize and avoid opening unsolicited or suspicious archive files to reduce the risk of exploitation.
  • Community Vigilance: Cybersecurity researchers and professionals should work together to investigate and address emerging threats associated with this vulnerability.

Adding to the concern, the same anonymous source has indicated plans to release another zero-day vulnerability targeting MyBB forum software, potentially threatening countless online communities’ security.

As of publication, no official patch has been released for the 7-Zip vulnerability. The software’s development team has not yet publicly commented on the disclosure.

Organizations and users are advised to monitor official channels for security updates and implement recommended mitigation strategies immediately.

“This is a critical moment for cybersecurity professionals. The combination of a widely-used tool like 7-Zip and the simplicity of exploitation makes this vulnerability particularly concerning.”

Security experts worldwide continue to analyze the exploit’s implications while awaiting an official response from 7-Zip’s development team.

Users and organizations are strongly advised to stay vigilant and implement recommended security measures until a patch becomes available.

Update:

We have learned that Igor Pavlov, the creator of 7-Zip, dismissed the claims in the 7-Zip discussion forum’s bugs section, stating: “This report on Twitter is fake. I don’t understand why this Twitter user made such a claim. There is no ACE vulnerability in 7-Zip / LZMA.”

The @NSA_Employee39 account did not respond immediately to requests for comment on social media.

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.
