Yesterday, user @NSA_Employee39 allegedly posted a zero-day exploit for the popular open-source file decompression utility 7-Zip on Twitter, only to have 7-Zip author Igor Pavlov swiftly dismiss it as a fake report. Other people replying to @NSA_Employee39's original Tweet also questioned the claims and the writing presented, which some speculate could have been run through ChatGPT.
Regardless, news of a supposed arbitrary code execution (ACE) exploit against 7-Zip spread quickly. It now falls to outlets like ours, or to determined independent sleuths, to track down Igor Pavlov's own statements refuting this apparent false exploit report.
Over on Sourceforge.net, Igor Pavlov is clearing the air himself with a series of official comments on the matter. Igor said, "The common conclusion is that this fake exploit code from Twitter was generated by LLM (AI)." He elaborates, "The comment in the 'fake' code contains the statement: 'This exploit targets a vulnerability in the LZMA decoder of the 7-Zip software. It uses a crafted .7z archive with a malformed LZMA stream to trigger a buffer overflow condition in the RC_NORM function.'"
@NSA_Employee39's original Tweet, posted December 30, 2024: "Hey guys, as a thank you to all the new followers, I will be dropping 0days all this week until MyBB. Here's an ACE vulnerability in 7zip. https://t.co/FjvDD155Vo (Can't access GitHub until I get home, sorry lol) Offsets might need changing, slight modifications based on victim…"
Igor continued, "But there is no RC_NORM function in LZMA decoder. Instead, 7-Zip contains RC_NORM macro in LZMA encoder and PPMD decoder. Thus, the LZMA decoding code does not call RC_NORM. And the statement about RC_NORM in the exploit comment is not true."
Because 7-Zip is open source, the claim can be checked against the actual code, and so far we have only found users backing Igor's account rather than the self-described "NSA employee" who recklessly posted a supposed 0-day ACE exploit on Twitter. It would seem this is not something end users need to worry about.
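The refutation above rests on a simple check anyone can repeat against an open-source project: does the symbol an alleged exploit names actually exist where the exploit says it does, and is it a function or a macro? The following script is an added example (not from the article, not 7-Zip's code) that walks a C source tree for a symbol and classifies each hit as a macro definition, a function definition, or a plain reference. The small tree it builds in a temporary directory is constructed for the demonstration: the file names mirror 7-Zip's layout, but their contents are invented stand-ins, and the function-definition regex is a deliberately rough heuristic rather than a real C parser.

```python
"""Triage helper: check a symbol named in an alleged exploit against a source tree.

Added example, not part of the article or of 7-Zip. Given a claim such as
"RC_NORM is a function in the LZMA decoder", report where the symbol is
defined (macro or function) and which files reference it.
"""
import os
import re
import tempfile
from collections import defaultdict

# Constructed stand-in for a source tree. File names echo 7-Zip's layout,
# but the contents are invented one-liners, not the real sources.
SAMPLE_TREE = {
    "C/LzmaEnc.c": "#define RC_NORM(p) if (p->range < kTopValue) { p->range <<= 8; }\n"
                   "static void RangeEnc_EncodeBit(CRangeEnc *p) { RC_NORM(p); }\n",
    "C/Ppmd7Dec.c": "#define RC_NORM(p) while (p->Range < kTopValue) { p->Range <<= 8; }\n"
                    "static UInt32 Range_GetThreshold(CPpmd7z_RangeDec *p) { RC_NORM(p); return 0; }\n",
    "C/LzmaDec.c": "#define NORMALIZE if (range < kTopValue) { range <<= 8; code = (code << 8) | (*buf++); }\n"
                   "static int LzmaDec_DecodeReal(CLzmaDec *p) { NORMALIZE; return 0; }\n",
}

MACRO_DEF = re.compile(r'^\s*#\s*define\s+(\w+)')
# Rough heuristic for a one-line C function definition: "[static] type name(args) {"
FUNC_DEF = re.compile(r'^\s*(?:static\s+)?[\w\s\*]+?\b(\w+)\s*\([^;]*\)\s*\{')


def scan_tree(root, symbol):
    """Return a dict with keys 'macro_defs', 'func_defs', 'refs' (only those that
    occurred), each a list of (relative_path, line_no) for `symbol`."""
    result = defaultdict(list)
    word = re.compile(r'\b%s\b' % re.escape(symbol))
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.endswith(('.c', '.h', '.cpp')):
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, '/')
            with open(path, encoding='utf-8', errors='replace') as fh:
                for no, line in enumerate(fh, 1):
                    if not word.search(line):
                        continue
                    m = MACRO_DEF.match(line)
                    if m and m.group(1) == symbol:
                        result['macro_defs'].append((rel, no))
                        continue
                    f = FUNC_DEF.match(line)
                    if f and f.group(1) == symbol:
                        result['func_defs'].append((rel, no))
                        continue
                    result['refs'].append((rel, no))
    return dict(result)


def check_claim(root, symbol, claimed_file_substring):
    """Test an exploit's claim: is `symbol` a function, which files use it, and do
    any of those files match the component the claim names (by path substring)?"""
    found = scan_tree(root, symbol)
    is_function = bool(found.get('func_defs'))
    users = sorted({p for k in ('macro_defs', 'func_defs', 'refs')
                    for p, _ in found.get(k, [])})
    in_claimed = [p for p in users if claimed_file_substring in p]
    return is_function, users, in_claimed


def build_sample_tree():
    """Write the constructed SAMPLE_TREE into a temp directory and return its root."""
    root = tempfile.mkdtemp(prefix='srcscan_')
    for rel, text in SAMPLE_TREE.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, 'w', encoding='utf-8') as fh:
            fh.write(text)
    return root


if __name__ == '__main__':
    root = build_sample_tree()
    is_func, users, in_dec = check_claim(root, 'RC_NORM', 'LzmaDec')
    print('RC_NORM defined as a function:', is_func)
    print('files mentioning RC_NORM:', users)
    print('mentioned in an LZMA decoder file:', in_dec or 'none')
```

Point `check_claim` at a real checkout instead of the sample tree to run the same triage on an actual project; if a writeup's central symbol turns out to be a macro in the encoder rather than a function in the decoder, that alone is enough to downgrade the report until someone produces a reproducible crash.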
If you're particularly concerned about it, we recommend mitigating the risk by scanning any unfamiliar 7-Zip-compatible archives you download before opening them. The exploit, as described, would still require a user to open a crafted archive in 7-Zip. Otherwise, the most authoritative voices all point toward this exploit being fake, with both the code and the surrounding comments written by AI rather than by a real, hardworking black hat hacker. Sad.