39 matches found
CVE-2018-10172
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context...
EUVD-2018-17761
Malware in sbrugna...
EUVD-2024-33917
Malicious code in bioql PyPI...
EUVD-2023-45052
Malicious code in bioql PyPI...
EUVD-2022-49887
Malicious code in bioql PyPI...
CVE-2025-53817
CVE-2025-53817 (7-Zip) : A null pointer dereference in the Compound document handler of 7-Zip prior to version 25.0.0 can cause denial of service when processing Compound Documents. Connected sources confirm the issue and that version 25.0.0 contains the fix. Affected component is the Compound ha...
CVE-2025-53816
7-Zip is a file archiver with a high compression ratio. Zeroes written outside heap buffer in RAR5 handler may lead to memory corruption and denial of service in versions of 7-Zip prior to 25.0.0. Version 25.0.0 contains a fix for the issue...
Exploit for Protection Mechanism Failure in 7-Zip
CVE-2025-0411 — 7-Zip Mark-of-the-Web MoTW Bypass 🚨 ---...
CVE-2022-29072
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the HelpContents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple...
About Remote Code Execution – 7-Zip (BDU:2025-01793) vulnerability
About Remote Code Execution - 7-Zip BDU:2025-01793 vulnerability. It's about the fact that files unpacked using 7-Zip don't get the Mark-of-the-Web. As a result, Windows security mechanisms don't block the execution of the unpacked malware. If you remember, there was a similar vulnerability in...
CVE-2022-47112
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected...
CVE-2022-47112
7-Zip 22.01 does not report an error for certain invalid xz files, involving stream flags and reserved bits. Some later versions are unaffected...
CVE-2022-47111
7-Zip 22.01 does not report an error for certain invalid xz files, involving block flags and reserved bits. Some later versions are unaffected...
Exploit for Protection Mechanism Failure in 7-Zip
🚀 7-Zip-CVE-2025-0411-POC Repository Welcome to the official...
Exploit for Protection Mechanism Failure in 7-Zip
7-Zip-CVE-2025-0411-POC CVE-2025-0411 Details "This vuln...
7-Zip Mark of the Web Bypass Vulnerability
7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user...
About Remote Code Execution – 7-Zip (CVE-2025-0411) vulnerability
About Remote Code Execution - 7-Zip CVE-2025-0411 vulnerability. 7-Zip is a popular, free, open-source archiver widely used by organizations as a standard tool for managing archives. The vulnerability is a bypass of the Mark-of-the-Web mechanism. If you download and run a suspicious executable fi...
CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...
CVE-2025-0411
CVE-2025-0411 — 7-Zip MoTW bypass : Multiple connected documents confirm a local-vector vulnerability where double-nested archives fail to propagate the Mark-of-the-Web to extracted files, allowing a crafted archive to execute arbitrary code in the user’s context after interaction (opening/extrac...
CVE-2025-0411
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicio...