New Windows 7-Zip Exploit Allows for Administrator Privliges

NOTE : This applies for Windows Only, Linux users use a Archive Manager so it does not apply, and this is not a joke

The Exploit

So recently a new exploit for the popular Open Source Software program for Microsoft Windows "7-Zip" has been found, it involves using the help files of 7-zip, if you drag a 7z file to the "Contents" Window of 7-zip, it will open you access to administrator privileges, which is of course not good since you can delete anything inside of your root filesystem.

This is known as the CVE-2022-29072 exploit

Workaround

The Workaround involves deleting the help files entirely, to do this delete :

C:\Program Files\7-zip\7-zip.chm

If you can not find the file make sure that "Hide extensions for know file types" is disabled, you can find it in folder options.

Thanks for posting this, I already deleted 7-zip.chm a few days ago.

I really hope this gets addressed soon.

Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.

Just now, PasokonDeacon said:

Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.

also i notice that zdaemon has these files.

I use WinRAR, is that fine?

Just now, DannyMan said:

I use WinRAR, is that fine?

according to reviewgeek there is a simillar exploit that affected winrar rather recently, but i think its patched.

what about macos users? are they safe?

thanks for letting us know

Just now, PrismaticFrog said:

what about macos users? are they safe?

 

thanks for letting us know

probably yes, since 7zip is for windows only i think.

2 minutes ago, Frost-Core said:

probably yes, since 7zip is for windows only i think.

I swore I downloaded it a while back

oh wait it was a terminal utility, from your description it sounds like 7-zip on windows isn't

so I assume they are safe

Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop.

And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?

Just now, Stabbey said:

Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop.

 

And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?

it does work if you move it out.

this exploit is huge for people without passwords.

I'd say the threat is non-existent for virtually all private users.

Where this may be an issue is only systems where a user with a restricted account could give themselves elevated privileges, but really nothing else. So for it may be an issue in some workplaces where admin access is limited to designated people.

BTW, the whole thing is already marked "disputed", so I smell bullshit.

Nobody needs to get crazy and in panic here.

To execute this Attack somebody needs actually physical Accsess to your PC and your Account Password or a remote Accsess.

If somebody has this, there are endless Ways to screw your Machine up.

If you don't have a password (most idiots don't have a password on their pcs) then you are complete dead, or if you give your "friend" access to your pc, that too!

On 4/23/2022 at 2:03 PM, Azuris said:

Nobody needs to get crazy and in panic here.

 

To execute this Attack somebody needs actually physical Accsess to your PC and your Account Password or a remote Accsess.

 

If somebody has this, there are endless Ways to screw your Machine up.

 

Or just trick someone into performing the actions of their own accord, like most schemes.

10 hours ago, dasho said:

 

Or just trick someone into performing the actions of their own accord, like most schemes.

Yep, but then they can accomplish all Accsess much easier than that ;)

It is more interesting for Man in the Middle Attacks, if you want to get through a restricted Account to Administrator.

But there are other more reeliable Ways to get that, if you have such Accsess to a System.

2 hours ago, Azuris said:

 

Yep, but then they can accomplish all Accsess much easier than that ;)

 

It is more interesting for Man in the Middle Attacks, if you want to get through a restricted Account to Administrator.

But there are other more reeliable Ways to get that, if you have such Accsess to a System.

What are you talking about? If you're already on a box, you're going to be trying to dump credentials or do privilege escalation, not a man in the middle attack.

And phishing remains one of the easiest and most reliable ways to get remote access to a system. All you have to do is play the numbers game.

Always used WinRAR