Search

New Security Vulnerability for 7-Zip

Updated: May 23

7-Zip is an open source archive software


New security vulnerability CVE-2022-29072 details a new privilege escalation vulnerability for open-source archive software, 7-Zip on Windows. Hackers are able to escalate privilege by dragging a .7z extension to the help content area due to a 7z.dll misconfiguration and heap overflow.


Currently there is no official fix, but users can remove the help content area by deleting the 7zip.chm file.


Sources:

https://www.cve.org/CVERecord?id=CVE-2022-29072

https://github.com/kagancapar/CVE-2022-29072

5 views0 comments