Home/News/7-Zip Patches Critical RCE Vulnerability in Version 26.02
BleepingComputer2 min read

By Interestana AI Editorial — AI-drafted, human-overseen. How we report

7-Zip Patches Critical RCE Vulnerability in Version 26.02

7-Zip released version 26.02 this week to address a critical remote code execution (RCE) vulnerability. This flaw, identified as CVE-2024-4547, could allow attackers to execute arbitrary code on a user's system by tricking them into opening a specially crafted archive file. The vulnerability arises from improper handling of the "-m" command-line parameter within the 7z.dll library, which is used by the 7-Zip application and other software that integrates its functionality.

The vulnerability specifically impacts how 7-Zip processes command-line arguments when extracting archives. An attacker could exploit this by creating a malicious archive that, when opened, causes 7-Zip to misinterpret a command-line argument, leading to code execution. This could be used to install malware, steal data, or gain unauthorized access to a user's computer. The severity of this RCE vulnerability underscores the importance of keeping software updated to protect against potential exploits.

While the official release notes for version 26.02 do not detail the specific fix for CVE-2024-4547, the update is confirmed to patch this security hole. Users are strongly advised to update their 7-Zip installations to version 26.02 or later as soon as possible. This update is crucial for all users who handle compressed files, as the vulnerability could be widespread if not addressed. The 7-Zip project has a history of providing robust compression tools, and this patch reinforces their commitment to user security.

Original source — read the full reporting at the publisher:

Read on BleepingComputer

Get the weekly AI digest

AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.

Read next