B1 Free Archiver Mark of the Web Bypass Vulnerability
Vulnerability
A vulnerability in B1 Free Archiver version 1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When extracting an archive that carries the 'Zone.Identifier' alternate data stream, the software does not propagate that stream to the extracted files, so they can be executed without triggering Windows Defender SmartScreen warnings or other security prompts. This flaw could lead to execution of untrusted code without the standard security restrictions applied to downloaded content.
Impact
Because the extracted files carry no MotW, Windows treats them as trusted local content and allows them to run without any warning or prompt. This could facilitate the execution of malicious code or delivery of malware, typically in combination with social engineering that persuades the user to download and extract the archive.
Reproduction
To reproduce this vulnerability, download a '7Z.zip' file from the internet that contains an executable, so that the archive itself is tagged with the MotW. Extract it using B1 Free Archiver. Then inspect the 'Zone.Identifier' alternate data stream of the extracted executable to confirm that the MotW has not been applied.
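The check described above can be scripted, and the same script can re-apply the Internet zone to files that lack it until a fixed build is deployed. The following PowerShell is an added example for defenders and is not part of the advisory or of B1 Free Archiver; it assumes Windows PowerShell 5.1 or PowerShell 7 on an NTFS volume, and the folder and archive paths in the usage comments are placeholders.

```powershell
# Added example (not from the advisory): audit files for a Mark of the Web and
# optionally re-apply the Internet zone to any that lack it.
# Assumes Windows PowerShell 5.1 / PowerShell 7 on NTFS; paths below are placeholders.

function Get-MotwStatus {
    param([Parameter(Mandatory)][string]$Path)
    # Works for a single file or a folder tree of extracted files.
    Get-ChildItem -Path $Path -File -Recurse | ForEach-Object {
        $zoneId = $null
        # Zone.Identifier is an NTFS alternate data stream; if it is absent, the file has no MotW.
        $stream = Get-Item -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
        if ($stream) {
            $lines = Get-Content -Path $_.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
            foreach ($line in $lines) {
                # The stream is INI-style: [ZoneTransfer] followed by ZoneId=<n>.
                if ($line -match '^ZoneId=(\d)') { $zoneId = [int]$Matches[1]; break }
            }
        }
        [pscustomobject]@{
            File    = $_.FullName
            HasMotW = [bool]$stream
            ZoneId  = $zoneId   # 3 = Internet, 4 = Restricted sites; $null when no stream
        }
    }
}

function Set-MotwInternetZone {
    param([Parameter(Mandatory)][string]$Path)
    # Re-stamp every file without a MotW so SmartScreen treats it like a fresh download.
    Get-MotwStatus -Path $Path | Where-Object { -not $_.HasMotW } | ForEach-Object {
        # ZoneId=3 is the Internet zone, which is what a browser download normally carries.
        Set-Content -Path $_.File -Stream Zone.Identifier -Value "[ZoneTransfer]`r`nZoneId=3"
        $_.File
    }
}

# Usage (placeholder paths): the downloaded archive should report HasMotW=True, ZoneId=3;
# with the affected version, the extraction folder reports HasMotW=False for every file.
# Get-MotwStatus -Path 'C:\Users\Public\Downloads\7Z.zip' | Format-Table
# Get-MotwStatus -Path 'C:\Users\Public\Downloads\extracted' | Format-Table
# Set-MotwInternetZone -Path 'C:\Users\Public\Downloads\extracted'
```

Comparing the archive with its extraction folder is the quickest confirmation of the issue: the archive keeps its 'Zone.Identifier' stream while the files B1 Free Archiver produced have none. Re-stamping extracted files is a stopgap for already-extracted content; the durable fix is an archiver build that propagates the stream itself.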
