CVE-2022-29072
Summary
| CVE | CVE-2022-29072 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-04-15 20:15:00 UTC |
| Updated | 2023-11-07 03:45:00 UTC |
| Description | ** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Please update your browser | MISC | www.youtube.com | |
| 7-Zip up to 21.07 on Windows allows privilege escalation and command execution \| Hacker News | MISC | news.ycombinator.com | |
| 7-Zip 21.07 Code Execution / Privilege Escalation ≈ Packet Storm | MISC | packetstormsecurity.com | |
| GitHub - kagancapar/CVE-2022-29072: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. | MISC | github.com | |
| SourceForge.net: Log In to SourceForge.net | MISC | sourceforge.net | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 376545 7-Zip Privilege Escalation and Command Execution Vulnerability (Zero Day)