[7-Zip App Vulnerability Grants Admin Privilege to Attackers]
from: tomshardware
But while we wait for an update, it is quite easy to mitigate.
A vulnerability has been discovered in 7-Zip, the popular archiving program. It is being treated as an actively exploitable zero-day and is characterised as allowing privilege escalation and command execution. In other words, someone with limited access to your computer would be able to gain higher-level control, usually admin access, and run commands or apps with it. GitHub user Kagancapar appears to have unearthed this 7-Zip Windows vulnerability, and it has been assigned CVE-2022-29072.
7-Zip is a cross-platform app, but this vulnerability is tied to Windows, as it relies on 7-Zip's interaction with the Windows HTML Help viewer, hh.exe. The GitHub readme for CVE-2022-29072 summarises it as: "Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area."
The demonstration clip shows the discoverer dropping a specially crafted file with a .7z extension (mimicking the 7-Zip archive extension) onto the 7-Zip help window and then running a command from an elevated prompt. As demonstrated, this is a very simple way to gain higher-level access to a system and run commands and apps that would otherwise be off-limits.
Kagancapar provided some background on the vulnerability and its discovery. First, they mention that 7-Zip's author is not willing to shoulder the blame for this, as the behaviour depends on the Microsoft HTML Help system (the CVE record has since been flagged as disputed). However, the researcher attributes the resulting elevation to a heap overflow triggered when the custom .7z file is dropped on the Help window, with the command running as a child process of 7zFM.exe, which is why they argue the 7-Zip side should accept part of the blame.
At the time of writing the current version of 7-Zip for Windows, v21.07, is not patched against the vulnerability demonstrated in the video. If the vulnerability is of concern to you, either on your personal computer or on systems you administer, there are two easy ways to mitigate the issue:
First method: Until 7-Zip ships an update, deleting the 7-zip.chm help file from the 7-Zip installation folder is sufficient to close off the demonstrated path (the Help>Contents window simply will not open).
Second method: Restrict the 7-Zip installation folder so that all users have only read and execute permissions on the program files, with no write access.
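As an added worked example (not from the Tom's Hardware article or from the 7-Zip project), the following PowerShell script carries out both mitigations on a Windows host: it reports the installed 7zFM.exe version, removes 7-zip.chm, and resets the installation folder's ACL so that ordinary users keep only read and execute rights. It assumes 7-Zip is installed in one of its default Program Files locations and that the script is run from an elevated PowerShell session; the default Program Files ACL normally already grants Users only ReadAndExecute, so the ACL step re-asserts that state rather than changing it on a healthy system.

```powershell
# Added example: audit and mitigate CVE-2022-29072 on one Windows host.
# Assumes default 7-Zip install paths and an elevated PowerShell session.
$candidates = @("$env:ProgramFiles\7-Zip", "${env:ProgramFiles(x86)}\7-Zip")

foreach ($dir in $candidates) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    # 1. Report the installed version (21.07 is the build named as affected).
    $fm = Join-Path $dir '7zFM.exe'
    if (Test-Path -LiteralPath $fm) {
        $ver = (Get-Item -LiteralPath $fm).VersionInfo.ProductVersion
        Write-Host "7-Zip found at $dir, 7zFM.exe version $ver"
    }

    # 2. First mitigation: remove the compiled HTML Help file that Help>Contents opens.
    $chm = Join-Path $dir '7-zip.chm'
    if (Test-Path -LiteralPath $chm) {
        Remove-Item -LiteralPath $chm -Force
        Write-Host "Removed $chm"
    } else {
        Write-Host "No 7-zip.chm present in $dir"
    }

    # 3. Second mitigation: explicit ACL on the install folder.
    #    SYSTEM and Administrators keep full control; Users get read and execute only.
    $acl = Get-Acl -LiteralPath $dir
    $acl.SetAccessRuleProtection($true, $false)          # stop inheriting from Program Files
    foreach ($rule in @($acl.Access)) { [void]$acl.RemoveAccessRule($rule) }

    $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $prop    = [System.Security.AccessControl.PropagationFlags]::None
    $allow   = [System.Security.AccessControl.AccessControlType]::Allow
    $rules   = @(
        @('NT AUTHORITY\SYSTEM',    'FullControl'),
        @('BUILTIN\Administrators', 'FullControl'),
        @('BUILTIN\Users',          'ReadAndExecute')
    )
    foreach ($r in $rules) {
        $ace = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $r[0], $r[1], $inherit, $prop, $allow)
        $acl.AddAccessRule($ace)
    }
    Set-Acl -LiteralPath $dir -AclObject $acl
    Write-Host "ACL on $dir reset: SYSTEM/Administrators FullControl, Users ReadAndExecute"
}
```

Run it once per host (or push it through your endpoint management tooling), then verify with `icacls "$env:ProgramFiles\7-Zip"` that no entry grants Users write or modify rights. Deleting 7-zip.chm only removes the Help>Contents window; it does not alter archive handling, so 7-Zip keeps working normally afterwards.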
7-Zip broke the hegemony of the nagging, guilt-inducing shareware compression staples WinZip and WinRAR in the noughties. After a few years of refinement, it was given a Tom's Hardware Elite Award for compression speed, ratio, and size back in 2013. As well as being completely free for personal or business use, 7-Zip charms with its cross-platform nature and portability.
credit: tomshardware doc com /news/7-zip-zero-day-exploit
[7-Zip zero-day vulnerability grants privilege escalation]
from: techspot
PSA: A security researcher recently discovered a vulnerability in the file archiver 7-Zip that could grant attackers high privileges and let them execute code. Developers haven't released a patch yet, but users can quickly nullify this security hole in the meantime.
Last week, researcher Kağan Çapar found and published a zero-day vulnerability in 7-Zip that can grant privilege escalation and command execution. Designated CVE-2022-29072, it affects Windows users running version 21.07 — the latest version as of now.
As the video below shows, an attacker with limited access to a system can activate the vulnerability by opening the "Help" window in 7-Zip under Help->Contents and dragging a file with the .7z extension into that window. Any file with that extension will work. It doesn't have to be a real 7z archive.
The demonstration has a child process spawned under 7zFM.exe that inherits the archive manager's elevated privileges and lets the attacker run commands on the target system. Çapar blames this on a misconfiguration in 7z.dll and a heap overflow.
The Windows HTML Help viewer (hh.exe) may also share some of the blame, as other programs can be made to execute commands through it. Çapar points to a similar issue that works through the Windows HTML Help viewer and WinRAR.
Deleting the file "7-zip.chm" in the 7-Zip root folder can mitigate the issue until devs patch it. It's unclear when that will be.
credit: techspot doc com /news/94248-7-zip-zero-day-vulnerability-grants-privilege-escalation.html
[New 7-Zip Archiver Hack Reveals a Long Ignored Windows Vulnerability]
from: reviewgeek
The latest versions of 7-Zip contain a vulnerability (CVE-2022-29072) that lets hackers gain administrative privileges on a system. But this vulnerability, which exploits the 7-Zip help file, should alarm all Windows users, as it highlights an age-old problem on Windows systems.
How Does the Exploit Work?
As you may know, 7-Zip is a pretty old piece of open-source software. Its interface, buttons, and help menu haven’t changed much since 1999. The help menu is especially nostalgic—it relies on a .chm help file, which is a relic from the days of Windows 98.
These old .chm files are pretty versatile. When opened, they can display HTML and JavaScript, making them a solid option for e-books, dictionaries, and other documentation. But they are also easily abused, as a .chm can carry scripts that run code on the host and effectively stand in for an executable.
Now, 7-Zip’s help file doesn’t contain malware. But as kagancapar explains, hackers can use this file to execute malicious code on your system.
The process here is a bit wonky, so stay with me. An attacker with an interactive desktop session on your computer (local or remote) can drag a .7z file into the 7-Zip help window to open a command prompt with admin privileges. The cmd.exe prompt runs as a child process under 7zFM.exe, which is quite odd.
A misconfiguration in the 7z.dll file and a heap overflow appear to be responsible. Normally, dragging a file into the 7-Zip help window should do nothing. A similar problem recently affected WinRAR, another archiving tool.
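The odd part of the behaviour described above, cmd.exe appearing as a child of 7zFM.exe, is also what a defender can hunt for. The following PowerShell hunt is an added example, not code from the articles or from the researcher, and it assumes Sysmon is installed with process-creation logging (Event ID 1) on its default channel and that the script runs with rights to read that log. It lists every process spawned by 7zFM.exe in the last N hours, along with the integrity level of the parent, since an elevated 7zFM.exe is what turns a spawned shell into a privilege gain.

```powershell
# Added example: hunt for child processes of 7zFM.exe in Sysmon process-creation events.
# Assumes Sysmon Event ID 1 is logged to Microsoft-Windows-Sysmon/Operational.
param([int]$Hours = 24)

$filter = @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1
    StartTime = (Get-Date).AddHours(-$Hours)
}

Get-WinEvent -FilterHashtable $filter -ErrorAction Stop | ForEach-Object {
    # Resolve EventData fields by name from the event XML; Sysmon's positional
    # property order changes between schema versions, so do not rely on indexes.
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($node in $xml.Event.EventData.Data) { $d[$node.Name] = $node.'#text' }

    if ($d['ParentImage'] -like '*\7zFM.exe') {
        $child = [System.IO.Path]::GetFileName($d['Image'])
        [pscustomobject]@{
            Time        = $d['UtcTime']
            User        = $d['User']
            Integrity   = $d['IntegrityLevel']        # High/System here means 7zFM ran elevated
            Child       = $child
            # Shells and script hosts under an archive manager are the high-signal subset
            Suspicious  = $child -in @('cmd.exe', 'powershell.exe', 'pwsh.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')
            CommandLine = $d['CommandLine']
        }
    }
} | Sort-Object Time | Format-Table -AutoSize
```

Expect some benign hits: 7zFM.exe legitimately launches the associated application when you open a file from inside an archive, so the rows with Suspicious set to true (a command shell or script host under the archive manager, particularly at High integrity) are the ones worth triage. The same logic ports directly to Security log event 4688 if you have command-line auditing enabled but no Sysmon.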
Realistically, the average person won't be affected by this exploit. It requires an attacker to already have a session on your computer, and if they have managed to get that far you are already in trouble, although the whole point of a local privilege escalation is to turn that limited foothold into admin control. If you're worried about this vulnerability, you can simply delete 7-zip.chm. It should be under C:\Program Files\7-Zip or C:\Program Files (x86)\7-Zip, depending on whether you use the 64-bit or 32-bit version.
Note that this problem only seems to affect the latest version of 7-Zip (21.07). This particular update launched in December of 2021, and 7-Zip hasn’t confirmed plans to patch the problem.