7-Zip is an open source archive software
New security vulnerability CVE-2022-29072 details a new privilege escalation vulnerability for open-source archive software, 7-Zip on Windows. Hackers are able to escalate privilege by dragging a .7z extension to the help content area due to a 7z.dll misconfiguration and heap overflow.
Currently there is no official fix, but users can remove the help content area by deleting the 7zip.chm file.
Sources:
Commenti