September 26, 2022

COSFONE

Networking, PBX, IT, DIY Solution

7-Zip security flaw can be triggered by dragging a file: Affecting all versions

3 min read

7-Zip security flaw can be triggered by dragging a file: Affecting all versions



 

7-Zip security flaw can be triggered by dragging a file: Affecting all versions

7-Zip is an open source decompression software that is mainly used on Microsoft Windows operating systems.

The author of 7-Zip released the first official version for Linux in March last year , allowing Linux users to replace the outdated p7zip with the officially developed 7-Zip.

 

Recently, researcher Kağan Çapar discovered a vulnerability in 7-Zip that could allow hackers to be given elevated privileges and execute arbitrary commands.

The CVE ID of the vulnerability is CVE-2022-29072, and the vulnerability affects all versions of 7-Zip, including the latest version 21.07.

 

To trigger the vulnerability is also very simple, the user only needs to drag the file with the .7zextension to the “Help > Content Area” of the 7-Zip software window, and the trigger method can be viewed in the GIF image below.

 

7-Zip security flaw can be triggered by dragging a file: Affecting all versions

 

 

The vulnerability is due to a misconfiguration of 7z.dll and a stack overflow.

After the software is installed, the files in the “Help > Content” area work through Windows HTML Helper, but after command injection, a subprocess will appear under 7zFM.exe.

Due to the memory interaction in the 7z.dll file, the called out The cmd.exe child process is granted administrator mode.

 

The developers of 7-Zip have yet to provide a software update to fix the vulnerability, and it is unclear when 7-Zip will address the issue. 7-Zip was last updated in December 2021.

 

 

Temporary workaround

Although no official update has been provided to fix the vulnerability, the vulnerability is caused by a 7-zip.chmfile , so the current temporary solution is to delete this affected file.

 

7-Zip security flaw can be triggered by dragging a file: Affecting all versions

 

7-zip.chmis a help file that contains information on how to use and operate 7-Zip. Deleting this file does not result in a loss of functionality.

After deletion, the help file will no longer open when the user selects Help > Content in the 7-Zip file manager or presses the F1 key on the keyboard.

 

In order to delete the file, the folder of the compression program must first be opened. Typically, this file can be found C:\\Programs\\under . Once the “7-Zp” folder is brought up, the 7-zip.chmfiles . In addition to deleting 7-zip.chmfiles , the user can revoke write permissions for the 7-Zip program, allowing 7-Zip to only run and read files .

 



You may have missed