Vulnerability Found in 7-Zip, Allowing Bypass of Mark of the Web (MotW) Feature

Friday, January 24, 2025

A vulnerability has been discovered in the file management software 7-Zip, identified as CVE-2025-0411, which allows attackers to bypass the Mark of the Web (MotW) security feature in Windows. MotW is a Windows security mechanism that tags files downloaded from untrusted sources, such as the internet, to mitigate potential security risks by restricting the use of potentially harmful files.

Through this vulnerability, attackers can execute malicious code on a victim’s computer when extracting specially crafted files from compressed archives or visiting malicious websites. The issue stems from 7-Zip’s failure to propagate the MotW metadata to extracted files. Researchers have noted that this flaw allows attackers to execute code with the privileges of the current user.

The vulnerability was reported by Peter Girnus via the Trend Micro Zero Day Initiative and has been patched in 7-Zip version 24.09. The update notes state: “The vulnerability related to the propagation of Zone.Identifier information for files extracted from nested archives has been fixed.”

Users of 7-Zip are strongly advised to update to the latest version (24.09) as soon as possible to mitigate the risks associated with this vulnerability.
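The propagation failure and the version advice above can both be checked from the defender's side. The following is an added example, not code from the article or from 7-Zip: it parses the text of a `Zone.Identifier` stream, lists extracted files that lost the mark their internet-zone archive carried, and compares a 7-Zip version string against 24.09. The function names, the sample stream text and the file names are constructed for illustration.

```python
import configparser
import re
from typing import Dict, List, Optional

PATCHED = (24, 9)   # 7-Zip 24.09, the fixed release named in the article
INTERNET_ZONE = 3   # Windows URL zones: 3 = Internet, 4 = Restricted sites

def zone_id(stream_text: Optional[str]) -> Optional[int]:
    """Parse the text of a Zone.Identifier stream; None means no usable mark."""
    if not stream_text:
        return None
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    try:
        cp.read_string(stream_text.lstrip("\ufeff"))
        return cp.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None

def read_stream(path: str) -> Optional[str]:
    """Read the NTFS alternate data stream that holds MotW (Windows only)."""
    try:
        with open(path + ":Zone.Identifier", encoding="utf-8", errors="replace") as f:
            return f.read()
    except OSError:
        return None

def unmarked_files(archive_stream: Optional[str],
                   extracted: Dict[str, Optional[str]]) -> List[str]:
    """Extracted files that lost the mark carried by an internet-zone archive."""
    src = zone_id(archive_stream)
    if src is None or src < INTERNET_ZONE:
        return []
    return sorted(n for n, s in extracted.items()
                  if (zone_id(s) or 0) < INTERNET_ZONE)

def is_patched(version: str) -> bool:
    """True if a 7-Zip version string such as '24.09' is 24.09 or later."""
    m = re.match(r"\s*(\d+)\.(\d+)", version)
    return bool(m) and (int(m.group(1)), int(m.group(2))) >= PATCHED

# Constructed sample data (not from the article)
ARCHIVE = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://downloads.example.test/outer.7z\r\n"
EXTRACTED = {"readme.txt": ARCHIVE, "inner/setup.exe": None, "inner/run.js": ""}

if __name__ == "__main__":
    print("missing MotW:", unmarked_files(ARCHIVE, EXTRACTED))
    print("23.01 patched?", is_patched("23.01"), "| 24.09 patched?", is_patched("24.09"))
```

On a Windows host, build the `extracted` mapping by calling `read_stream` on each extracted file and pass `read_stream` of the archive as the first argument.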

Source: https://securityaffairs.com/173310/hacking/7-zip-flaw-bypass-the-mark-of-the-web-motw.html