This means that it’s 7-Zip who should solve the problem.
However, according to Kagancapar, even if you drop the malicious file, this triggers a heap overflow in 7zFM.exe. The vendor hasn’t said much about vulnerability other than refusing to take responsibility for it, meaning that it depends on Microsoft Help in Windows. So, CVE-2022-29072 is tied to Windows, as it was caused due to interaction of 7-zip with the Windows help application. The problem lies in the 7-zip.chm helper files that are executed via the Windows HTML helper function (hh.exe). In simple terms, someone with access, even limited, to your computer is able to gain high-level control to run their own commands or apps. 7z extension is dragged to the Help > Contents area. CVE-2022-29072 vulnerability: how it works and whose fault is thatħ-Zip vulnerability or CVE-2022-29072 is an active zero-day vulnerability and is characterized as allowing privilege escalation and command execution for Windows when a file with the. The file archiver is available for Windows OS localizations are available for 87 languages. 7z-format archives, the archive manager also supports other packer formats commonly used under Windows, such as. 7-zip is one of the three most popular file archiving applications, whose popularity is only rivalled by giants WinZIP and WinRAR. A few words about 7-Zipħ-Zip is a free and open-source file archiver with high compression based on bzip2, PPMd, LZMA2, and LZMA algorithms. The vulnerability has not been fixed yet, as the latest version of the application 21.07 has been released on. A couple of days ago a new vulnerability was discovered by GitHub user Kagancapar in the popular 7-Zip file archiver, which allows gaining administrator privileges on Windows.
0 kommentar(er)
