Reminder: 7-Zip & MoW

Published: 2025-02-10. Last Updated: 2025-02-10 07:27:53 UTC
by Didier Stevens (Version: 1)
0 comment(s)

CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn't propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not have the MoW propagated from the outer ZIP file.

That's good to know, but what I personally consider more important to know, is that MoW isn't propagated at all by 7-zip in its default configuration.

I wrote about this a couple years ago in diary entry "7-Zip & MoW", when this new feature was introduced.

You have to enable MoW propagation in the GUI or via the registry. And that is still the case with the latest versions of 7-zip.

Didier Stevens
Senior handler
blog.DidierStevens.com

Keywords:
0 comment(s)

Comments

Login here to join the discussion.


Top of page
Diary Archives