this? Sort of. In Windows, an archive within an archive within an archive wouldn’t be flagged as a “file downloaded from the internet” so could be executed without malware checks. It’s a windows-specific issue and is only an issue if you’re downloading an untrusted archive from the internet. It’s patched in the latest version.
Didn’t 7-zip have a vulnerability a while back?
Yeah, WinRAR averages about 3 per year.
All software stacks are going to be vulnerable in some way or another. We don’t have a way to create perfect software just yet.
this? Sort of. In Windows, an archive within an archive within an archive wouldn’t be flagged as a “file downloaded from the internet” so could be executed without malware checks. It’s a windows-specific issue and is only an issue if you’re downloading an untrusted archive from the internet. It’s patched in the latest version.
The one that was patched back in September? Yes
Relevant link: https://arstechnica.com/security/2025/02/7-zip-0-day-was-exploited-in-russias-ongoing-invasion-of-ukraine/