Critical 7-Zip Vulnerability With Public Exploit Requires Manual Update
The issue concerns how older 7-Zip versions handle symbolic links inside ZIP files (a symbolic link is a shortcut that points to another file or folder). Trend Micro's Zero Day Initiative (ZDI), which first disclosed the vulnerability last month, classifies it as a directory traversal flaw that leads to remote code execution (RCE). In practice, a specially crafted ZIP file can make the program traverse (move) into system directories outside the intended extraction folder, allowing an attacker to run unwanted programs or "execute arbitrary code." The issue carries a CVSS score of 7.0 (High), and exploiting it requires user interaction (the target must open the malicious ZIP file).
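The traversal described above happens when an archive's symbolic link entries resolve to paths outside the extraction directory. The following added example (written for this page, not code from 7-Zip, ZDI or Mondoo) audits a ZIP file before extraction: it reads the Unix mode stored in each entry's external attributes to recognise symlink entries, resolves each link target relative to the link's own directory, and flags any entry name or link target that leaves the extraction root. The sample archives are constructed inline; the entry names and link targets in them are made up for the demonstration.

```python
import io
import posixpath
import stat
import zipfile

def is_symlink_entry(info: zipfile.ZipInfo) -> bool:
    # Archives created on Unix store the file mode in the upper 16 bits of
    # external_attr; S_IFLNK there marks the entry as a symbolic link.
    mode = (info.external_attr >> 16) & 0xFFFF
    return stat.S_ISLNK(mode)

def escapes_root(path: str) -> bool:
    # True if the path, once normalised, points outside the extraction root:
    # absolute paths, Windows drive letters, or any leading ".." component.
    p = path.replace("\\", "/")
    if len(p) > 1 and p[1] == ":":
        return True
    norm = posixpath.normpath(p)
    return norm.startswith("/") or norm == ".." or norm.startswith("../")

def audit_zip(data: bytes) -> list[tuple[str, str, str]]:
    # Returns (entry name, severity, reason). Severity "block" means the
    # archive must not be extracted as-is; "review" is informational.
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename
            if escapes_root(name):
                findings.append((name, "block", "entry name leaves extraction root"))
            if is_symlink_entry(info):
                # For a symlink entry the stored data is the link target.
                target = zf.read(info).decode("utf-8", "replace")
                # Relative targets resolve against the link's own directory.
                resolved = posixpath.join(posixpath.dirname(name), target)
                if escapes_root(resolved):
                    findings.append((name, "block", f"symlink target leaves extraction root: {target}"))
                else:
                    findings.append((name, "review", f"symlink to {target}; confirm before extracting"))
    return findings

def safe_to_extract(data: bytes) -> bool:
    return not any(sev == "block" for _, sev, _ in audit_zip(data))

def build_archive(entries: list[tuple[str, str, bool]]) -> bytes:
    # Constructed test fixture: entries are (name, content, is_symlink).
    # For symlink entries the content is the link target.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content, is_link in entries:
            info = zipfile.ZipInfo(name)
            kind = stat.S_IFLNK if is_link else stat.S_IFREG
            info.external_attr = (kind | 0o644) << 16
            zf.writestr(info, content)
    return buf.getvalue()

# Constructed samples (names and targets are invented for this example).
SUSPICIOUS = build_archive([
    ("docs/readme.txt", "hello", False),
    ("docs/link", "../../outside-root/file", True),   # resolves above the root
    ("../escape.txt", "x", False),                    # plain ".." in the name
])
BENIGN = build_archive([
    ("a.txt", "hi", False),
    ("sub/link", "../a.txt", True),                   # stays inside the root
])

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, "safe:", safe_to_extract(blob))
        for entry, sev, reason in audit_zip(blob):
            print(f"  [{sev}] {entry}: {reason}")
```

Checking the central directory this way is cheap and works before any file touches disk, which is the point: a patched extractor should refuse such links itself, but a pre-extraction audit in an ingestion pipeline or mail gateway catches the archive regardless of which 7-Zip build ends up opening it.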
According to a blog post from vulnerability detection platform Mondoo, this flaw is particularly dangerous for three reasons. First, extracting a malicious ZIP can let an attacker run code under a high-privilege account, such as a service account or privileged user, possibly leading to a full system takeover. Second, it is relatively easy to exploit (it only requires a user to open the archive). Third, 7-Zip's widespread use provides a vast attack surface of unpatched systems.
Microsoft has tracked malicious activity linked to this vulnerability under the label, a detection name rather than a family title, yet it still shows active use of the public code in malware campaigns.