7-Zip security flaw can be triggered by dragging a file: Affecting all versions
3 min read7-Zip security flaw can be triggered by dragging a file: Affecting all versions
- An American company made 0.7nm chips: EUV lithography machines can’t do it
- CVE-2007-4559 Python vulnerability ignored for 15 years puts 350,000 projects at risk of code execution
- RISC-V only takes 12 years to achieve the milestone of 10 billion cores
- 14000 cores + 450W: RTX 4080 graphics card perfectly replaces the RTX 3080
- Big upgrade: The difference between Bluetooth 5.0 and 5.2
- Geeks Disappointed that RTX 4080/4090 doesn’t come with PCIe 5.0
- What are advantages and disadvantages of different load balancing?
7-Zip security flaw can be triggered by dragging a file: Affecting all versions
7-Zip is an open source decompression software that is mainly used on Microsoft Windows operating systems.
The author of 7-Zip released the first official version for Linux in March last year , allowing Linux users to replace the outdated p7zip with the officially developed 7-Zip.
Recently, researcher Kağan Çapar discovered a vulnerability in 7-Zip that could allow hackers to be given elevated privileges and execute arbitrary commands.
The CVE ID of the vulnerability is CVE-2022-29072, and the vulnerability affects all versions of 7-Zip, including the latest version 21.07.
To trigger the vulnerability is also very simple, the user only needs to drag the file with the .7zextension to the “Help > Content Area” of the 7-Zip software window, and the trigger method can be viewed in the GIF image below.
The vulnerability is due to a misconfiguration of 7z.dll and a stack overflow.
After the software is installed, the files in the “Help > Content” area work through Windows HTML Helper, but after command injection, a subprocess will appear under 7zFM.exe.
Due to the memory interaction in the 7z.dll file, the called out The cmd.exe child process is granted administrator mode.
The developers of 7-Zip have yet to provide a software update to fix the vulnerability, and it is unclear when 7-Zip will address the issue. 7-Zip was last updated in December 2021.
Temporary workaround
Although no official update has been provided to fix the vulnerability, the vulnerability is caused by a 7-zip.chmfile , so the current temporary solution is to delete this affected file.
7-zip.chmis a help file that contains information on how to use and operate 7-Zip. Deleting this file does not result in a loss of functionality.
After deletion, the help file will no longer open when the user selects Help > Content in the 7-Zip file manager or presses the F1 key on the keyboard.
In order to delete the file, the folder of the compression program must first be opened. Typically, this file can be found C:\\Programs\\under . Once the “7-Zp” folder is brought up, the 7-zip.chmfiles . In addition to deleting 7-zip.chmfiles , the user can revoke write permissions for the 7-Zip program, allowing 7-Zip to only run and read files .
- DIY a PBX (Phone System) on Raspberry Pi
- How to host multiple websites on Raspberry Pi 3/4?
- A Free Intercom/Paging system with Raspberry pi and old Android phones
- DIY project: How to use Raspberry Pi to build DNS server?
- Raspberry Pi project : How to use Raspberry Pi to build git server?