Overview
- Description
- 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346.
- Source
- zdi-disclosures@trendmicro.com
- NVD status
- Received
Risk scores
CVSS 3.0
- Type
- Secondary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
Weaknesses
- zdi-disclosures@trendmicro.com
- CWE-191
Social media
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 4
A newly discovered vulnerability in 7-Zip, a widely used file compression utility, has raised significant cybersecurity concerns. Tracked as CVE-2024-11477, this flaw allows attackers to execute malicious code through specially crafted archive files. Watch the video till the…
@FORTBRIDGE
26 Nov 2024
84 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
So I spent some time trying to make a video about CVE-2024-11477, a vulnerability in 7-zip. This led me down a wild rabbit hole of patch diffing, software fuzzing, and ultimately crashing 7-zip over 4000 times. Check it out.
@LowLevelTweets
26 Nov 2024
132 Impressions
1 Retweet
7 Likes
0 Bookmarks
1 Reply
0 Quotes
A new vulnerability has been discovered in the 7-Zip archiver that could allow attackers to run malicious code on your computer. The problem lies in the Zstandard decompression component and has already received the official identifier CVE-2024-11477: https://t.co/0CwveaiDdS #7Zip #ИБ
@infosecmedia_
26 Nov 2024
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 7-Zip Security Flaw (CVE-2024-11477) 🚨 There is a bug in the Zstandard decompression function (CVSS 7.8) that hackers can exploit to run malicious code via modified files. Update to version 24.07+ right away to stay safe! #KeamananSiber #7Zip https://t.co/oKMuJP38LY
@anvie
26 Nov 2024
5131 Impressions
40 Retweets
163 Likes
30 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 is billed as "7-Zip Zstandard Decompression Integer Underflow 'Remote' Code Execution Vulnerability", yet its Attack Vector (AV) is Local, which is a little amusing. Is that taking into account how it is used as an archiver? https://t.co/U1uyYFgxn5
@ymzkei5
26 Nov 2024
374 Impressions
0 Retweets
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/701SFKSBkY
@turne85540
26 Nov 2024
53 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 - looks like a signedness issue in the Zstd Decoder
@mistymntncop
25 Nov 2024
3566 Impressions
2 Retweets
24 Likes
8 Bookmarks
2 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/1wmwjbjkZ8
@N0tus3rF0und
25 Nov 2024
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[Security] RCE exploit CVE-2024-11477 discovered in 7Zip. The well-known open-source decompression software 7Zip has a critical RCE exploit in its decompression system https://t.co/U8n4F1J6BX Author: SaoriYuki
@SwitchTools
25 Nov 2024
1937 Impressions
1 Retweet
19 Likes
3 Bookmarks
0 Replies
1 Quote
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/U0VMv6HJSU
@daisuke
25 Nov 2024
49 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A critical vulnerability (CVE-2024-11477) in 7-Zip enables remote code execution due to insufficient validation of user-supplied data. ⚠️ #cybersecurity #vulnerability #7Zip https://t.co/Uc4zsjQQll https://t.co/Uc4zsjQQll
@_CyberMaster
25 Nov 2024
49 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
Attention 7-Zip users! A critical vulnerability (CVE-2024-11477) has been discovered that may allow the execution of malicious code when opening compromised files. It is recommended to update to the latest version (24.07 or higher). #Security #MandatoryUpdate #7Zip https://t.co/
@zumuha
25 Nov 2024
84 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚠️ 7-Zip RCE Vulnerability CVE-2024-11477: CVE-2024-11477: An integer underflow vulnerability in 7-Zip’s Zstandard decompression function (CVSS 7.8) allows attackers to execute malicious code. ❕ Users are advised to update to 7-Zip version 24.07 or later.
@cyberthreatzip
25 Nov 2024
21 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Critical vulnerability CVE-2024-11477 in 7Zip https://t.co/z54lJ11Bxd
@vulnerbyte
25 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
😮 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/5zHy9AilKm via @the_yellow_fall
@FutureITPro20xx
25 Nov 2024
7 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/8wdaEVGJOW #CyberSecurity #7zip…
@S0fianeHamlaoui
25 Nov 2024
159 Impressions
0 Retweets
4 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! Hatena Bookmark: New in Technology https://t.co/6wDV9fMSLG
@mohritaroh
25 Nov 2024
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: Critical Flaw in 7-Zip Allows Hackers to Take Control A vulnerability has been discovered in the 7-Zip file compression tool, enabling attackers to remotely execute malicious code through specially crafted archives https://t.co/CVQekrwGtG
@the_yellow_fall
25 Nov 2024
415 Impressions
6 Retweets
4 Likes
1 Bookmark
0 Replies
0 Quotes
Top 5 Trending CVEs: 1 - CVE-2024-46938 2 - CVE-2024-37397 3 - CVE-2024-42477 4 - CVE-2024-11477 5 - CVE-2024-0012 #cve #cvetrends #cveshield #cybersecurity https://t.co/4Fua3CAN6W
@CVEShield
25 Nov 2024
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
A high-severity vulnerability (CVE-2024-11477) has been found in 7-Zip that allows attackers to remotely execute malicious code. It was found by Nicholas Zubrisky of the Trend Micro team and relates to the Zstandard decompression function. It is recommended that you update 7-Zip to version 24.07 or higher. http
@2soroushahmadi
25 Nov 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
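[Link roundup: security news and articles for November 22 to 25] <Vulnerabilities> ・CVE-2024-9511 (CVSS 9.8): A critical flaw in the FluentSMTP plugin puts more than 300,000 WordPress sites at risk of takeover https://t.co/YcHjmSp1X8 ・CVE-2024-11477: 7-Zip vulnerability enables remote code execution… https://t.co/TmuGmvuZCB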
@MachinaRecord
25 Nov 2024
169 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical Vulnerability in 7-Zip A high-risk flaw (CVE-2024-11477) has been found in 7-Zip, allowing attackers to execute malicious code via crafted archives. With a CVSS score of 7.8, users should update immediately to stay protected. #CyberSecurity #7Zip #Vulnerability htt
@cyraxsecurity
25 Nov 2024
8 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/nnl1BNzN2N via @the_yellow_fall
@manatee_sn
25 Nov 2024
27 Impressions
0 Retweets
0 Likes
0 Bookmarks
1 Reply
0 Quotes
If you have gone and installed 7-Zip on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark — 量産型IGALOG (@igaos) Nov 25, 2024 November 25, 2024 at 02:14PM… https://t.co/0WFsKkUa05
@igaos
25 Nov 2024
77 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/VZztOC0LCS
@ohhara_shiojiri
25 Nov 2024
43 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
If you have gone and installed 7-Zip on your PC, make sure to apply the latest version / CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/DW6iHkaPLN #bookmark
@igaos
25 Nov 2024
113 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution https://t.co/7WTVH56NzT
@Dinosn
25 Nov 2024
42307 Impressions
253 Retweets
783 Likes
282 Bookmarks
6 Replies
9 Quotes
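Remote code execution vulnerability in 7-Zip. CVE-2024-11477 has a CVSS score of 7.8 and may be triggered when a crafted archive is opened. Integer underflow during Zstd decompression. Fixed in version 24.04. https://t.co/hSZe8XutDI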
@__kokumoto
25 Nov 2024
34890 Impressions
370 Retweets
533 Likes
117 Bookmarks
0 Replies
11 Quotes
7-Zip Vulnerability Allows Remote Code Execution, Update Now! 7-Zip vulnerability (CVE-2024-11477): understand the risks and learn how to safeguard your systems from potential code execution attacks https://t.co/vkDyUqzd0c
@the_yellow_fall
25 Nov 2024
886 Impressions
10 Retweets
11 Likes
6 Bookmarks
0 Replies
0 Quotes
🗣 CVE-2024-11477: 7-Zip Vulnerability Allows Remote Code Execution, Update Now! https://t.co/yNgY40yon0
@fridaysecurity
25 Nov 2024
70 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-11477 7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected … https://t.co/8l9L4M5ypF
@CVEnew
23 Nov 2024
820 Impressions
3 Retweets
8 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 7-Zip Vulnerability (CVE-2024-11477) 🚨 A remote code execution flaw in 7-Zip (versions < 24.07) was fixed in June 2024. Attackers could exploit it to run arbitrary code. 🔴 Risk: MEDIUM (63.84/100) 💡 Action: Update to 24.07+ ASAP. #SecurityAlert #InfoSec #CyberSecurity
@HWGSababa
22 Nov 2024
43 Impressions
2 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes