7-Zip through 21.07 (the latest release until 4/19/2022) on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help > Contents area.
Workaround:
Delete the 7-zip.chm file in the 7-Zip installation directory.
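The workaround as a repeatable check that reports whether the help file is still present and removes it, added here as an example (not code from the advisory or from the 7-Zip project). The function name and the `-InstallDir` parameter are assumptions, and the caller supplies the installation directory.

```powershell
# Added example: apply and verify the 7-zip.chm workaround.
# Assumption: the caller passes the 7-Zip installation directory (or several).
function Remove-SevenZipHelpFile {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$InstallDir
    )
    process {
        foreach ($dir in $InstallDir) {
            $chm = Join-Path -Path $dir -ChildPath '7-zip.chm'
            if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
                $status = 'DirectoryNotFound'
            }
            elseif (-not (Test-Path -LiteralPath $chm -PathType Leaf)) {
                $status = 'NotPresent'      # workaround already applied
            }
            else {
                $status = 'Present'         # stays 'Present' under -WhatIf
                if ($PSCmdlet.ShouldProcess($chm, 'Delete help file')) {
                    try {
                        Remove-Item -LiteralPath $chm -Force -ErrorAction Stop
                        $status = 'Removed'
                    }
                    catch {
                        # e.g. missing rights or the file is open in a viewer
                        $status = "Failed: $($_.Exception.Message)"
                    }
                }
            }
            # One record per directory, suitable for Export-Csv or a report
            [pscustomobject]@{
                Computer   = $env:COMPUTERNAME
                InstallDir = $dir
                HelpFile   = $chm
                Status     = $status
            }
        }
    }
}

# Dry run first, then apply (placeholder path, replace with the real one):
# Remove-SevenZipHelpFile -InstallDir '<7-Zip installation directory>' -WhatIf
# Remove-SevenZipHelpFile -InstallDir '<7-Zip installation directory>'
```

Run it from an elevated session when 7-Zip is installed in a directory that standard users cannot write to.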
References:
https://securityonline.info/cve-2022-29072-7-zip-privilege-escalation-vulnerability/
https://github.com/kagancapar/CVE-2022-29072#mitigations
https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/
https://vuldb.com/zh/?id.197545