
The actual vulnerability is fairly complicated to describe, but it pertains to a part of the code that 7-Zip can use to open NTFS disk images. Opening .ntfs and .img disk images has long been a feature of 7-Zip, and there's a bug in that code that allows an attacker to provide incorrect values for a buffer, which in turn can be made bigger than intended and contain malicious code to be executed. If by now you're thinking "I don't use those file types", note that 7-Zip doesn't use the file extension to determine a file's type. It relies on the file's first few bytes, so providing a malicious NTFS image inside a .7z, .rar, .zip (and others) will work just fine.
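A defensive check for the point above, as an added example that is not from the article or from 7-Zip: it classifies a file by its leading bytes rather than its name and flags an NTFS boot sector carrying a non-disk-image extension. The signatures are the standard format magics; the function names and sample headers are constructed for illustration.

```python
import os

# Leading-byte signatures (well-known file format magics).
ARCHIVE_MAGICS = {
    "7z": b"7z\xbc\xaf\x27\x1c",
    "zip": b"PK\x03\x04",
    "rar": b"Rar!\x1a\x07",
}
NTFS_OEM_ID = b"NTFS    "  # bytes 3..10 of an NTFS boot sector


def sniff(header: bytes) -> str:
    """Classify content from its first bytes, ignoring any file name."""
    if header[3:11] == NTFS_OEM_ID:
        return "ntfs"
    for name, magic in ARCHIVE_MAGICS.items():
        if header.startswith(magic):
            return name
    return "unknown"


def is_disguised_ntfs(filename: str, header: bytes) -> bool:
    """True when the content is an NTFS image but the name does not say so."""
    ext = os.path.splitext(filename)[1].lower()
    return sniff(header) == "ntfs" and ext not in (".ntfs", ".img")


def scan(paths):
    """Return the paths whose leading bytes are NTFS despite another extension."""
    hits = []
    for p in paths:
        with open(p, "rb") as fh:
            if is_disguised_ntfs(p, fh.read(512)):
                hits.append(p)
    return hits


# Constructed sample headers (not taken from any real file).
SAMPLE_NTFS = b"\xeb\x52\x90" + NTFS_OEM_ID + b"\x00" * 501
SAMPLE_ZIP = b"PK\x03\x04" + b"\x00" * 26

if __name__ == "__main__":
    for name, hdr in [("invoice.zip", SAMPLE_NTFS), ("real.zip", SAMPLE_ZIP),
                      ("disk.img", SAMPLE_NTFS)]:
        print(name, sniff(hdr), is_disguised_ntfs(name, hdr))
```

This catches a renamed image only; an image nested inside a genuine archive is not visible to a leading-byte check on the outer file.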
Bruno Ferreira is a contributing writer for Tom's Hardware. He has decades of experience with PC hardware and assorted sundries, alongside a career as a developer. He's obsessed with detail and has a tendency to ramble on the topics he loves. When not doing that, he's usually playing games, or at live music shows and festivals.