Lucene search
MitreVULNRICHMENT:CVE-2022-29072HistoryApr 15, 2022 - 7:54 p.m.
CVE-2022-29072
2022-04-1519:54:15
mitre
github.com
5
7-zip
windows
7z.dll
privilege escalation
command execution
heap overflow
7zfm.exe
child process
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur
ADP Affected
[
{
"cpes": [
"cpe:2.3:a:7-zip:7zip:*:*:*:*:*:*:*:*"
],
"vendor": "7-zip",
"product": "7zip",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "custom",
"lessThanOrEqual": "21.07"
}
],
"defaultStatus": "unknown"
}
]Related
hivepro
hivepro
What will be the consequence of this disputed vulnerability in 7-ZIP?
2022-04-26 12:22:45
Weekly Threat Digest: 18 – 24 April 2022
2022-04-27 12:44:38
prion
prion
Design/Logic Flaw
2022-04-15 20:15:00
githubexploit
githubexploit
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-04-18 17:08:43
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-12-20 15:30:12
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-04-15 22:59:03
cve
cve
CVE-2022-29072
2022-04-15 20:15:12
exploitdb
exploitdb
7-zip - Code Execution / Local Privilege Escalation
2022-04-19 00:00:00
packetstorm
packetstorm
7-Zip 21.07 Code Execution / Privilege Escalation
2022-04-19 00:00:00
kaspersky
kaspersky
KLA12514 PE vulnerability in 7-Zip
2022-04-15 00:00:00
nvd
nvd
CVE-2022-29072
2022-04-15 20:15:12
zdt
zdt
7-zip - Code Execution / Local Privilege Escalation Exploit
2022-04-19 00:00:00
cvelist
cvelist
CVE-2022-29072
2022-04-15 19:54:15
AI Score
7.7
Confidence
High
SSVC
Exploitation
poc
Automatable
no
Technical Impact
total
Related for VULNRICHMENT:CVE-2022-29072