7-Zip
cpe:2.3:a:7-zip:7-zip:*:*:*:*:*:*:*
This vulnerability is being actively exploited in the wild.
A vulnerability in 7-Zip allows remote attackers to bypass the Mark-of-the-Web (MOTW) protection mechanism on Windows installations. This issue arises in versions prior to 24.09 and requires user interaction, such as visiting a malicious page or opening a harmful file. The flaw occurs when extracting files from a crafted archive that bears the MOTW; 7-Zip fails to propagate the MOTW to the extracted files. Consequently, an attacker could exploit this vulnerability to execute arbitrary code in the context of the current user.
Exploitation of this vulnerability could lead to the execution of arbitrary code, bypassing security warnings associated with the Mark-of-the-Web.
Users can update to 7-Zip version 24.09 or later, where this vulnerability has been fixed. In environments where immediate updating is not feasible, 7-Zip can be completely disabled by renaming its executables, blocking execution permissions, and removing shortcuts from the Start Menu.
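A defender-side audit for the two points above, as an added example that is not from the advisory or the 7-Zip project: it checks whether the installed 7-Zip is at least 24.09 and lists extracted files that lack a Zone.Identifier stream although their source archive carries one. The default install directory, the function names and the sample paths are assumptions.

```powershell
# Added example. Assumption: 7-Zip is installed in "$env:ProgramFiles\7-Zip".
$FixedVersion = [version]'24.09'   # first fixed release, per the advisory

function Get-ZoneId {
    param([Parameter(Mandatory)][string]$Path)
    # MOTW is stored in the NTFS alternate data stream "Zone.Identifier".
    $ads = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    if (-not $ads) { return $null }
    $line = $ads | Where-Object { $_ -match '^ZoneId=\d+' } | Select-Object -First 1
    if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    return $null
}

function Test-SevenZipPatched {
    param([string]$InstallDir = (Join-Path $env:ProgramFiles '7-Zip'))
    $exe = Join-Path $InstallDir '7z.exe'
    if (-not (Test-Path -LiteralPath $exe)) { return $null }   # not found in this directory
    $vi = (Get-Item -LiteralPath $exe).VersionInfo
    $installed = [version]::new($vi.FileMajorPart, $vi.FileMinorPart)
    return $installed -ge $FixedVersion
}

function Find-UnmarkedExtractedFile {
    param(
        [Parameter(Mandatory)][string]$ArchivePath,
        [Parameter(Mandatory)][string]$ExtractedDir
    )
    $archiveZone = Get-ZoneId -Path $ArchivePath
    # ZoneId 3 = Internet, 4 = Restricted sites; other archives have no mark to propagate.
    if ($null -eq $archiveZone -or $archiveZone -lt 3) { return @() }
    Get-ChildItem -LiteralPath $ExtractedDir -Recurse -File |
        Where-Object { $null -eq (Get-ZoneId -Path $_.FullName) } |
        Select-Object -ExpandProperty FullName
}

# $true = 24.09 or later, $false = older build, $null = 7z.exe not found
Test-SevenZipPatched

# Constructed sample paths; replace with a downloaded archive and its extraction folder:
# Find-UnmarkedExtractedFile -ArchivePath "$env:USERPROFILE\Downloads\sample.7z" `
#                            -ExtractedDir "$env:USERPROFILE\Downloads\sample"
```

Any path returned by `Find-UnmarkedExtractedFile` is a file that came out of a marked archive without the mark, so Windows will not show the download warning when it is opened.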