Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2025-0411 PoC — 7-Zip 安全漏洞

Source
https://github.com/iSee857/CVE-2025-0411-PoC
Associated Vulnerability
Title:7-Zip 安全漏洞 (CVE-2025-0411)
Description:7-Zip是7-Zip开源的一个压缩软件。 7-Zip 24.09之前版本存在安全漏洞,该漏洞源于存在绕过漏洞,允许远程攻击者在当前用户的环境中执行任意代码。
Description
7-Zip Mark-of-the-Web绕过漏洞PoC(CVE-2025-0411)
Readme
https://blog.csdn.net/xc_214/article/details/145324643?spm=1001.2014.3001.5502

使用MinGW-w64进行cpp编译

x86_64-w64-mingw32-g++ loader.cpp -o loader.exe -s -static

![image](https://github.com/user-attachments/assets/b56b4bfb-8155-4593-a3ea-089365b8fe46)

编译后对exe进行7z压缩 执行两次
由于该漏洞需要用户交互,因此生成后的压缩文件需要手动点击,由于24.09版本之前缺乏MotW机制,因此可利用此问题诱导受害者执行

![image](https://github.com/user-attachments/assets/e7aa4dee-1f37-420a-a423-3efadf3bc7e7)
File Snapshot

 [4.0K]  /data/pocs/fcaeac346474f5d4c372a5a4cf903445f5c3cfa2
├── [2.3K]  loader.cpp
└── [ 572]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.