There is a vulnerability in the archive program 7-Zip for Windows that can become critical when unpacking archives. The "Mark of the Web" label for downloads can be removed when unpacking. There is already an update to fix the vulnerability.
Vulnerability CVE-2025-0411 in 7-Zip
The Zero Day Initiative (ZDI) has published the security advisory 7-Zip Mark-of-the-Web Bypass Vulnerability for the vulnerability CVE-2025-0411 in 7-Zip. The vulnerability, which has a CVSS 3.1 score of 7.0, allows remote attackers to bypass the Windows Mark-of-the-Web protection mechanism via the 7-Zip program.
Mark-of-the-Web (MotW) is a protection mechanism developed by Microsoft in which downloads from the Internet are marked with a flag in the files. When such a file is opened, Windows can then display a warning that it is a download that could be unsafe.
However, user interaction is required to exploit this vulnerability, as the target must visit a malicious site or download a malicious file and then open it.
The vulnerability exists when handling archived files. When extracting files from a manipulated archive that carries the Mark-of-the-Web, 7-Zip does not apply the Mark-of-the-Web flag to the files extracted from the archive.
An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. The vulnerability was reported to the developer on October 1, 2024. The issue is fixed in 7-Zip version 24.09. This version has been available for download on this website since the end of November 2024. Thanks to the blog reader for pointing out this heise article on the topic.
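To check a machine for the behaviour described above, the following PowerShell script (an added example, not part of the original article or of 7-Zip) compares the installed 7-Zip version against 24.09 and lists extracted files that did not inherit the mark from a downloaded archive. The archive path, extraction folder and default install path are assumptions; the script relies on Windows storing the mark in the NTFS alternate data stream `Zone.Identifier`, where `ZoneId=3` means the Internet zone.

```powershell
# Added example: audit Mark-of-the-Web propagation after extracting an archive.
# All three default paths are assumed placeholders; pass your own values.
param(
    [string]$Archive    = "$env:USERPROFILE\Downloads\sample.7z",
    [string]$ExtractDir = "$env:USERPROFILE\Downloads\sample",
    [string]$SevenZip   = "$env:ProgramFiles\7-Zip\7z.exe"
)

function Get-ZoneId([string]$Path) {
    # The mark lives in the alternate data stream "Zone.Identifier".
    $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null   # no stream present: the file carries no mark
}

# 1. Is the installed 7-Zip older than the fixed release 24.09?
if (Test-Path -LiteralPath $SevenZip) {
    $vi = (Get-Item -LiteralPath $SevenZip).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart)
    if ($installed -lt [version]'24.9') {
        Write-Warning "7-Zip $installed is older than 24.09, the release that fixes CVE-2025-0411."
    }
} else {
    Write-Warning "7z.exe not found at $SevenZip; version check skipped."
}

# 2. Only an archive marked as Internet (3) or Restricted (4) has a mark to pass on.
$archiveZone = Get-ZoneId $Archive
if ($null -eq $archiveZone -or $archiveZone -lt 3) {
    Write-Output "Archive carries no Internet-zone mark; nothing to compare."
    return
}

# 3. List every extracted file that ended up without any Zone.Identifier stream.
$unmarked = Get-ChildItem -LiteralPath $ExtractDir -Recurse -File |
    Where-Object { $null -eq (Get-ZoneId $_.FullName) }

if ($unmarked) {
    Write-Warning "$(@($unmarked).Count) extracted file(s) lack the mark of the archive (ZoneId=$archiveZone):"
    $unmarked | Select-Object -ExpandProperty FullName
} else {
    Write-Output "All extracted files carry a Zone.Identifier stream."
}
```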