7-Zip App Vulnerability Grants Admin Privilege to Attackers

A vulnerability has been discovered in 7-Zip, the popular archiving program. It is an active zero-day vulnerability, characterized as allowing privilege escalation and command execution. In other words, someone with limited access to your computer would be able to gain higher-level control, usually admin access, to run commands or apps. GitHub user Kagancapar seems to have unearthed this 7-Zip Windows vulnerability, which is tracked as CVE-2022-29072.

7-Zip is a cross-platform app, but this vulnerability is tied to Windows, as it relies on 7-Zip's interaction with the Windows help application, hh.exe. For example, the GitHub readme file for CVE-2022-29072 states: “Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.”
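
Because the issue depends on 7-Zip handing control to hh.exe, defenders can look for it in process-creation logs. The following is an added example, not code from the original article or the CVE readme: it flags any process started underneath an hh.exe instance that 7-Zip launched. The `7zFM.exe` image name, the Sysmon-style field names and the sample events are assumptions constructed for illustration.

```python
import ntpath

# Assumption: 7zFM.exe is the 7-Zip File Manager binary that opens the help viewer.
SEVENZIP_IMAGES = {"7zfm.exe"}
HELP_VIEWER = "hh.exe"

# Constructed sample events (not real telemetry), using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"ProcessId": 4100, "ParentProcessId": 900, "Image": r"C:\Program Files\7-Zip\7zFM.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 4200, "ParentProcessId": 4100, "Image": r"C:\Windows\hh.exe", "ParentImage": r"C:\Program Files\7-Zip\7zFM.exe"},
    {"ProcessId": 4300, "ParentProcessId": 4200, "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Windows\hh.exe"},
    {"ProcessId": 5000, "ParentProcessId": 900, "Image": r"C:\Windows\hh.exe", "ParentImage": r"C:\Windows\explorer.exe"},
    {"ProcessId": 5100, "ParentProcessId": 5000, "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\hh.exe"},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any host OS)."""
    return ntpath.basename(path).lower()


def find_suspicious_children(events):
    """Return events for processes descended from an hh.exe that 7-Zip started.

    Opening the help viewer from 7-Zip is normal, so hh.exe itself is only
    tracked; anything it goes on to launch is reported.
    Assumes events arrive in creation order and PIDs are not reused in the window.
    """
    tracked = set()  # PIDs of 7-Zip-launched hh.exe and their descendants
    alerts = []
    for ev in events:
        image, parent = _name(ev["Image"]), _name(ev["ParentImage"])
        if image == HELP_VIEWER and parent in SEVENZIP_IMAGES:
            tracked.add(ev["ProcessId"])
        elif ev["ParentProcessId"] in tracked:
            tracked.add(ev["ProcessId"])  # follow grandchildren as well
            alerts.append(ev)
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_children(SAMPLE_EVENTS):
        print("ALERT:", alert["Image"], "pid", alert["ProcessId"])
```

An hh.exe instance started from Explorer, as in the last two sample events, is left alone, which keeps ordinary help-file use out of the alert queue.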


