277 matches found
7-Zip Mark-of-the-Web Bypass Vulnerability (Jan 2025) - Windows
7zip is prone to a mark-of-the-web bypass vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:7-zip:7-zip";...
January Linux Patch Wednesday
JanuaryLinux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. RCE - Apache Tomcat CVE-2024-56337. Based on the description, the vulnerability affects "case-insensitive file systems" like Window...
7-Zip Mark-of-the-Web Bypass Vulnerability
This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
ROS-20250114-12
A vulnerability in the implementation of the Zstandard compression method of the 7-Zip archiver is related to integer overflow. Exploitation of the vulnerability could allow an attacker to execute arbitrary code provided that a user opens a specially generated archive. by a user opening a special...
Fake 7-Zip Exploit Code Traced to AI-Generated Misinterpretation
A recent claim that a critical zero-day vulnerability existed in the popular open-source file archiver 7-Zip has been met with skepticism from the software's creator and other security researchers...
7-Zip Qcow Handler Infinite Loop DoS Vulnerability - Windows
7zip is prone to a qcow handler infinite loop denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
7-Zip Zstandard Decompression Integer Underflow Vulnerability - Windows
7zip is prone to a zstandard decompression integer underflow vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Analysis of Elpaco: a Mimic variant
Introduction In a recent incident response case, we dealt with a variant of the Mimic ransomware with some interesting customization features. The attackers were able to connect via RDP to the victim's server after a successful brute force attack and then launch the ransomware. After that, the...
Remote Code Execution (RCE)
7-Zip is vulnerable to remote code execution RCE. The vulnerability is due to improper validation of user-supplied data in the Zstandard decompression implementation, causing an integer underflow that allows attackers to execute arbitrary code in the context of the current process...
CVE-2024-11612
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...
CVE-2024-11612
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...
CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary dependi...
CVE-2024-11477
CVE-2024-11477 affects 7-Zip via the Zstandard decompression path. The root cause is improper validation of input data in Zstandard decompression, allowing an integer underflow that can lead to arbitrary code execution in the process. Public writeups (ZDI-24346) describe the underlying flaw; mult...
CVE-2024-11612
CVE-2024-11612 describes a DoS in 7-Zip caused by a logic error during stream processing in CopyCoder, leading to an infinite loop. The vulnerability is exploitable remotely and requires interaction with the library, with attack vectors varying by implementation. Connected sources confirm the fla...
CVE-2024-11612 7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on th...