Update now: 7-Zip fixes RCE flaw exploitable with malicious archives

Summary

7-Zip has released version 26.02 to address a critical remote code execution (RCE) vulnerability. Attackers can exploit this flaw by tricking users into opening specially crafted compressed files, leading to arbitrary code execution on the victim's system.

IFF Assessment

FOE

This vulnerability allows attackers to execute arbitrary code on a user's system by exploiting a flaw in archive handling, posing a direct threat to defenders.

Severity

7.8 High (AI Estimated)

The CVSS score of 7.8 reflects a High severity, considering the attack vector being local (requiring user interaction to open a file) but leading to a high impact (Remote Code Execution) with good exploitability.

Defender Context

Defenders should prioritize updating all installations of 7-Zip to version 26.02 or later immediately to mitigate the risk of RCE attacks. Users should be wary of opening archives from untrusted sources, even if they appear benign.

Read Full Story →