Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Yesterday, user @NSA_Employee39 allegedly posted a zero-day exploit for the popular open source file decompression tool 7-Zip on Twitter, but 7-Zip author Igor Pavlov quickly dismissed it as a fake report. Other people who responded to @NSA_Employee39’s original tweet also questioned the claims and the write-up, which some speculate could have been run through ChatGPT.
Regardless, news of the arbitrary code execution (ACE) exploit hitting 7-Zip spread quickly. Now it’s up to outlets like ours, or to independent investigators searching specifically for them, to find Igor Pavlov’s statements against these false exploitation reports.
On Sourceforge.net, Igor Pavlov clears the air with a series of formal comments on this topic. “The common conclusion is that this fake exploit code from Twitter was generated by LLM (AI),” Igor said. He explains that the comment in the “fake” code contains the following statement: “This exploit targets a vulnerability in the LZMA decoder of 7-Zip. It uses a crafted .7z archive with a distorted LZMA stream to trigger the buffer overflow condition in the RC_NORM function.”
Hey guys, as a thank you to all my new followers, I’ll be posting 0 days all this week to MyBB. Here’s the ACE vulnerability in 7zip. https://t.co/FjvDD155Vo (I can’t access GitHub until I get home, sorry lol) Offsets may need to be changed, slight modifications depending on the victim… (December 30, 2024)
Igor continued, “But there is no RC_NORM function in the LZMA decoder. Instead, 7-Zip has an RC_NORM macro in the LZMA encoder and the PPMD decoder. Therefore, the LZMA decoder does not call RC_NORM. The statement about RC_NORM in the exploitation comment is not right.”
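The check Pavlov describes, confirming whether a symbol named in an exploit write-up actually exists in the component it blames, can be scripted when triaging such claims. The following is an added example, not code from 7-Zip or from the original article; the file names and source snippets are constructed stand-ins, and the function-definition regex is a heuristic rather than a C parser.

```python
import re

# Constructed stand-in sources: NOT real 7-Zip code, file names are hypothetical.
SAMPLE = {
    "encoder_stub.c": (
        "#define RC_NORM(p) if ((p)->range < TOP) shift_low(p)\n"
        "static void encode_bit(Enc *p) { p->range >>= 1; RC_NORM(p); }\n"
    ),
    "decoder_stub.c": (
        "/* write-up claims an overflow in RC_NORM here */\n"
        "#define NORMALIZE if (range < TOP) { range <<= 8; }\n"
        "static int decode_bit(Dec *d) { NORMALIZE; return 0; }\n"
    ),
}

def strip_comments(src):
    """Drop C comments so a name that only appears in a comment is not counted."""
    src = re.sub(r"/\*.*?\*/", " ", src, flags=re.S)
    return re.sub(r"//[^\n]*", " ", src)

def classify_symbol(symbol, sources):
    """Per file, count macro definitions, function definitions and other uses."""
    name = re.escape(symbol)
    macro_def = re.compile(r"^[ \t]*#[ \t]*define[ \t]+" + name + r"\b", re.M)
    # Heuristic: declarator at column 0, the name, a parameter list, then '{'.
    func_def = re.compile(
        r"^[A-Za-z_][\w \t*]*\b" + name + r"[ \t]*\([^;{}]*\)\s*\{", re.M)
    any_use = re.compile(r"\b" + name + r"\b")
    report = {}
    for path, text in sources.items():
        code = strip_comments(text)
        macros = len(macro_def.findall(code))
        funcs = len(func_def.findall(code))
        uses = len(any_use.findall(code)) - macros - funcs
        report[path] = {"macro_def": macros, "func_def": funcs, "uses": uses}
    return report

def check_claim(symbol, component, sources):
    """Test the claim 'function <symbol> in <component>'; return (verdict, elsewhere)."""
    report = classify_symbol(symbol, sources)
    here = report[component]
    elsewhere = sorted(p for p, h in report.items()
                       if p != component and any(h.values()))
    if here["func_def"]:
        return "function defined in component", elsewhere
    if here["macro_def"] or here["uses"]:
        return "present in component, but not as a function", elsewhere
    return "absent from component", elsewhere
```

Calling `check_claim("RC_NORM", "decoder_stub.c", SAMPLE)` on the constructed sample reports the symbol as absent from the decoder stub and present only in the encoder stub, which is the shape of the mismatch Pavlov points out.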
Since 7-Zip is open source, and we only found users backing up Igor’s claims rather than the supposed “NSA employee” recklessly posting a 0-day ACE exploit on Twitter, it seems like this issue isn’t something end users need to worry about.
If you’re particularly concerned about this, we recommend mitigating by running protection scans on any unfamiliar 7-Zip-compatible archives that you may download. The vulnerability, as described, still requires users to open an archive with the 7-Zip exploit built in. Otherwise, the most reliable voices all seem to point to this vulnerability being fake, and to it and the comments surrounding it having been written using AI, not even by a hardworking black hat hacker. Sad.