Privilege Escalation and Command Execution in 7-Zip on Windows
CVE-2022-29072

7.8 HIGH

Key Information:

Vendor: 7-zip
Status
Vendor
CVE Published: 15 April 2022

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

7-Zip versions up to 21.07 on Windows are susceptible to a vulnerability that allows privilege escalation and command execution. The issue is triggered when a file with the .7z extension is dragged to the Help > Contents area, and is attributed to a misconfiguration of 7z.dll and a heap overflow. The resulting command executes in a child process under the 7zFM.exe process. Multiple third parties have reported that privilege escalation may not actually occur, but the potential for command execution still poses a significant risk to users.
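
A defender-side triage sketch for the behaviour described above, added here as an example and not taken from this advisory or the 7-Zip project: it checks installed versions against the affected range (up to 21.07) and flags process-creation events where 7zFM.exe is the parent of a command interpreter. The event field names, the interpreter list and the sample data are assumptions constructed for illustration.

```python
import re

LAST_AFFECTED = (21, 7)  # from the advisory: versions up to 21.07
# Assumption: interpreters worth alerting on when the file manager spawns them.
SUSPECT_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe",
                    "wscript.exe", "cscript.exe", "mshta.exe"}

def parse_version(text):
    """Turn a 7-Zip version string such as '21.07' or '9.20' into (major, minor)."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\s.*)?", text)
    if not m:
        raise ValueError(f"unrecognised 7-Zip version: {text!r}")
    return int(m.group(1)), int(m.group(2))

def is_affected(version_text):
    """True when the version falls inside the affected range."""
    return parse_version(version_text) <= LAST_AFFECTED

def basename(path):
    """Lower-cased file name of a Windows path as it appears in logs."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag_events(events):
    """Process-creation events where 7zFM.exe is the parent of a suspect child."""
    return [ev for ev in events
            if basename(ev["parent_image"]) == "7zfm.exe"
            and basename(ev["image"]) in SUSPECT_CHILDREN]

def triage(events, inventory):
    """Pair each flagged host with whether its installed 7-Zip is affected."""
    return [(ev["host"], is_affected(inventory[ev["host"]]))
            for ev in flag_events(events)]

# Constructed sample data; field names are hypothetical.
SAMPLE_INVENTORY = {"ws-01": "21.07", "ws-02": "21.07", "ws-03": "22.00"}
SAMPLE_EVENTS = [
    {"host": "ws-01", "parent_image": r"C:\Program Files\7-Zip\7zFM.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "parent_image": r"C:\Program Files\7-Zip\7zFM.exe",
     "image": r"C:\Windows\System32\notepad.exe"},  # ordinary viewer, not flagged
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\cmd.exe"},      # different parent, not flagged
]

if __name__ == "__main__":
    for host, affected in triage(SAMPLE_EVENTS, SAMPLE_INVENTORY):
        print(f"{host}: 7zFM.exe spawned an interpreter; affected version: {affected}")
```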

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved