PSA: A security researcher recently discovered a vulnerability in the file archiver 7-Zip that could give attackers high privileges and let them execute code. Developers have not yet released a patch, but users can quickly fix this vulnerability in the meantime.
Last week, researcher Kağan Çapar discovered and published a zero-day vulnerability in 7-Zip that can grant privilege escalation and command execution. Denoted as CVE-2022-29072, it affects Windows users with version 21.07 – the latest version as of now.
As the video below shows, an attacker with limited access to a system can activate the vulnerability by opening the “Help” window in 7-Zip under Help->Contents and sending a file with the .7z extension to that window. Any file with that extension will work. It doesn’t have to be a real 7z archive.
By running a child process under the 7zFM.exe process, the vulnerability could increase the attacker’s privileges and allow them to execute commands on the target system. Çapar attributes this to a misconfiguration in the 7z.dll file and a heap overflow.
The Windows HTML helper file may also share some blame, as it may allow other programs to run commands. Çapar reports a similar vulnerability that works through the Windows HTML helper file and WinRAR.
Deleting the “7-zip.chm” file in the 7-Zip root may fix the problem until developers patch it. It is unclear when that will be.
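Defenders can hunt for the child-process behaviour described above in process-creation logs. The following is an added example, not code from the researcher or from 7-Zip: it walks each process's ancestry and flags command interpreters descended from 7zFM.exe. The record fields, the interpreter list and the sample events (including the hh.exe intermediary) are constructed assumptions.

```python
# Constructed process-creation records (pid, parent pid, image path); not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 4100, "ppid": 812, "image": r"C:\Program Files\7-Zip\7zFM.exe"},
    {"pid": 4188, "ppid": 4100, "image": r"C:\Windows\hh.exe"},
    {"pid": 4240, "ppid": 4188, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 5002, "ppid": 812, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 5100, "ppid": 4100, "image": r"C:\Windows\System32\notepad.exe"},
]

# Assumption: images treated as command interpreters worth alerting on.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
PARENT_OF_INTEREST = "7zfm.exe"


def basename(image):
    """Lower-cased file name of a Windows image path."""
    return image.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def ancestry(pid, by_pid):
    """Image names from the process itself up to its oldest logged ancestor."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against pid loops
        seen.add(pid)
        chain.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return chain


def find_suspicious(events):
    """Return (pid, chain) for interpreters with 7zFM.exe anywhere above them."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        chain = ancestry(e["pid"], by_pid)
        # chain[0] is the process itself; chain[1:] are its ancestors.
        if chain[0] in INTERPRETERS and PARENT_OF_INTEREST in chain[1:]:
            hits.append((e["pid"], " <- ".join(chain)))
    return hits


if __name__ == "__main__":
    for pid, chain in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT pid={pid}: {chain}")
```

Keying on pid alone is only safe within a short time window, because Windows reuses process IDs; real telemetry should key on a unique process identifier where the log source provides one.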
This post, “7-Zip zero-day vulnerability grants privilege escalation”, was originally published at https://www.techspot.com/news/94248-7-zip-zero-day-vulnerability-grants-privilege-escalation.html