CVE-2025-50328: n/a
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
AI Analysis
Technical Summary
The vulnerability in B1 Free Archiver v1.5.86 arises because the software fails to propagate the Zone.Identifier alternate data stream when extracting files from archives downloaded from the internet. The Zone.Identifier stream is used by Windows to mark files as originating from an untrusted source, triggering security prompts such as SmartScreen warnings. Without this marker, extracted files can be executed without these protections, increasing the risk of untrusted code execution. No CVSS score or official remediation level is provided, and no patch links are available. The vulnerability is specific to the handling of MotW metadata during extraction.
Potential Impact
Files extracted from internet-downloaded archives using the vulnerable B1 Free Archiver version can execute without Windows security prompts or SmartScreen warnings. This reduces the effectiveness of Windows' built-in protections against untrusted or potentially malicious files, potentially allowing untrusted code to run with fewer user warnings. There is no indication of remote code execution or privilege escalation beyond bypassing MotW protections. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when extracting archives downloaded from the internet using B1 Free Archiver v1.5.86. Consider using alternative extraction tools that correctly preserve the Zone.Identifier stream or manually verify the origin and safety of extracted files before execution.
CVE-2025-50328: n/a
Description
A vulnerability in B1 Free Archiver v1.5.86 allows files extracted from downloaded archives to bypass Windows Mark of the Web (MotW) protections. When an archive is downloaded from the internet and extracted using B1 Free Archiver, the software fails to propagate the 'Zone.Identifier' alternate data stream to the extracted files. As a result, these files can be executed without triggering Windows Defender SmartScreen warnings or security prompts, enabling untrusted code execution without standard security restrictions.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in B1 Free Archiver v1.5.86 arises because the software fails to propagate the Zone.Identifier alternate data stream when extracting files from archives downloaded from the internet. The Zone.Identifier stream is used by Windows to mark files as originating from an untrusted source, triggering security prompts such as SmartScreen warnings. Without this marker, extracted files can be executed without these protections, increasing the risk of untrusted code execution. No CVSS score or official remediation level is provided, and no patch links are available. The vulnerability is specific to the handling of MotW metadata during extraction.
Potential Impact
Files extracted from internet-downloaded archives using the vulnerable B1 Free Archiver version can execute without Windows security prompts or SmartScreen warnings. This reduces the effectiveness of Windows' built-in protections against untrusted or potentially malicious files, potentially allowing untrusted code to run with fewer user warnings. There is no indication of remote code execution or privilege escalation beyond bypassing MotW protections. No known exploits have been reported in the wild.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, users should exercise caution when extracting archives downloaded from the internet using B1 Free Archiver v1.5.86. Consider using alternative extraction tools that correctly preserve the Zone.Identifier stream or manually verify the origin and safety of extracted files before execution.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- mitre
- Date Reserved
- 2025-06-16T00:00:00.000Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69f26bc7cbff5d861048aa27
Added to database: 4/29/2026, 8:36:23 PM
Last enriched: 4/29/2026, 8:52:04 PM
Last updated: 4/30/2026, 3:34:43 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.