7-Zip zero-day vulnerability grants privilege escalation
PSA: A security researcher recently found a vulnerability in the file archiver 7-Zip that could grant attackers elevated privileges and let them execute code. Developers have not released a patch yet, but users can quickly nullify this security hole in the meantime.
Last week, researcher Kağan Çapar discovered and published a zero-day vulnerability in 7-Zip that can grant privilege escalation and command execution. Designated CVE-2022-29072, it affects Windows users running version 21.07, the latest version as of now.
As the video below shows, an attacker with limited access to a system can activate the vulnerability by opening the “Help” window in 7-Zip under Help->Contents and dragging a file with the .7z extension into that window. Any file with that extension will work. It doesn't have to be a real 7z archive.
By running a child process under the 7zFM.exe process, the vulnerability can elevate the attacker’s privileges and let them run commands on the target system. Çapar blames this on a misconfiguration in the file 7z.dll and heap overflow.
The Windows HTML helper file may also share some blame, as other programs can allow command execution through it. Çapar mentions a similar vulnerability that works through the Windows HTML helper file and WinRAR.
Deleting the file “7-zip.chm” in the 7-Zip root folder can mitigate the issue until devs patch it. It’s unclear when that will be.
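For defenders who cannot remove the help file everywhere right away, the child-process behavior described above is something process-creation telemetry can surface. The sketch below is an added example, not code from the researcher or from 7-Zip: it walks parent/child links in constructed sample records and flags command interpreters that descend from 7zFM.exe. The record layout, the interpreter list and all PIDs are assumptions made for illustration.

```python
import ntpath

WATCHED_ANCESTOR = "7zfm.exe"  # file manager process named in the article
# Assumption: interpreters worth alerting on; tune the set for your environment.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

# Constructed sample process-creation records (not real telemetry).
EVENTS = [
    {"pid": 900, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 4100, "ppid": 900, "image": r"C:\Program Files\7-Zip\7zFM.exe"},
    {"pid": 4188, "ppid": 4100, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 4200, "ppid": 4100, "image": r"C:\Windows\System32\notepad.exe"},
    {"pid": 4300, "ppid": 4200, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 5000, "ppid": 900, "image": r"C:\Windows\System32\cmd.exe"},
]

def basename(image):
    """Lower-cased file name of a Windows image path (works on any host OS)."""
    return ntpath.basename(image).lower()

def ancestry(pid, by_pid):
    """Yield known ancestors of pid, nearest first; stop on gaps or loops."""
    seen = {pid}
    cur = by_pid.get(pid)
    while cur is not None:
        parent = by_pid.get(cur["ppid"])
        if parent is None or parent["pid"] in seen:
            return
        seen.add(parent["pid"])
        yield parent
        cur = parent

def find_suspicious(events):
    """Return (pid, image, depth) for interpreters running below 7zFM.exe."""
    # Limitation: a reused PID overwrites the earlier record in this map.
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in INTERPRETERS:
            continue
        chain = [basename(a["image"]) for a in ancestry(e["pid"], by_pid)]
        if WATCHED_ANCESTOR in chain:
            depth = chain.index(WATCHED_ANCESTOR) + 1
            alerts.append((e["pid"], basename(e["image"]), depth))
    return alerts

if __name__ == "__main__":
    for pid, image, depth in find_suspicious(EVENTS):
        print(f"ALERT pid={pid} image={image} is {depth} level(s) below 7zFM.exe")
```

The cmd.exe started directly by explorer.exe (PID 5000) is not flagged, while the PowerShell process two levels below 7zFM.exe is, which is why the check walks the whole ancestry instead of comparing only the immediate parent.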