A vulnerability was found in the 7-Zip archiver through which anyone can gain system rights in Windows

A vulnerability (CVE-2022-29072) has been identified in the popular free 7-Zip archiver for the Windows platform, the exploitation of which allows a local user with limited rights to elevate the privilege level in the system to the SYSTEM level. According to available data, the problem affects all current versions of the application, including 7-Zip 21.0.

Image Source: Pixabay

Exploitation of the mentioned vulnerability involves moving a specially configured file with the .7z extension to the area of ​​the application’s graphical interface, where a tooltip is displayed when opening the system menu in the Help section and the Contents submenu. According to reports, the problem occurs due to incorrect permissions for the 7z.dll library and a buffer overflow.

Curiously, after being notified of the problem, the developers of the archiver did not acknowledge the existence of the vulnerability. Instead, they stated that the problem was caused by the Microsoft HTML Helper (hh.exe) process, which runs code when the file is moved. However, the researchers believe that the mentioned process is only indirectly involved in the exploitation of the vulnerability.

In fact, the source of the problem is most likely a buffer overflow in the 7zFM.exe process and an incorrect setting of the rights of the 7z.dll library. Administrators who use an archiver are advised to delete the 7-zip.chm help file and restrict the rights of all 7-Zip users to read and run. This option can be used until the developers of the archiver release an appropriate patch that eliminates the CVE-2022-29072 vulnerability.

If you notice an error, select it with the mouse and press CTRL + ENTER.


Source: 3DNews – все новости сайта by 3dnews.ru.

*The article has been translated based on the content of 3DNews – все новости сайта by 3dnews.ru. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!

*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.

*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!