Frost-Core Posted April 23, 2022 (edited)

NOTE: This applies to Windows only. Linux users use an Archive Manager, so it does not apply to them, and this is not a joke.

The Exploit

So recently a new exploit for the popular Open Source Software program for Microsoft Windows "7-Zip" has been found. It involves using the help files of 7-Zip: if you drag a 7z file to the "Contents" window of 7-Zip, it will give you access to administrator privileges, which is of course not good, since you can delete anything inside of your root filesystem. This is known as the CVE-2022-29072 exploit.

Workaround

The workaround involves deleting the help files entirely. To do this, delete:

C:\Program Files\7-zip\7-zip.chm

If you cannot find the file, make sure that "Hide extensions for known file types" is disabled; you can find it in Folder Options.
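An added example (not from the original post): an elevated PowerShell script that looks for 7-zip.chm under both default 7-Zip install roots and moves it into a quarantine folder instead of deleting it, with -WhatIf support for a dry run. The install paths and the quarantine location are assumptions, not something the post specifies.

```powershell
# Added example, not code from the original post. Quarantines 7-zip.chm
# (the file the workaround above says to remove) rather than deleting it.
# Run from an elevated prompt; Program Files is not writable otherwise.
# Dry run:  .\Quarantine-7zipChm.ps1 -WhatIf
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Assumed quarantine location; change to taste.
    [string]$Quarantine = (Join-Path $env:USERPROFILE '7zip-chm-quarantine')
)

# Assumed default install roots for 64-bit and 32-bit 7-Zip builds.
# ${env:ProgramFiles(x86)} is empty on 32-bit Windows, hence the filter.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
$candidates = $roots | ForEach-Object { Join-Path $_ '7-Zip\7-zip.chm' }

foreach ($chm in $candidates) {
    if (-not (Test-Path -LiteralPath $chm)) {
        Write-Host "Not present: $chm"
        continue
    }

    if (-not (Test-Path -LiteralPath $Quarantine)) {
        New-Item -ItemType Directory -Path $Quarantine | Out-Null
    }

    # Timestamped name so repeated runs (or two install roots) never collide.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $dest  = Join-Path $Quarantine "7-zip.chm.$stamp"

    # ShouldProcess honours -WhatIf / -Confirm before anything is moved.
    if ($PSCmdlet.ShouldProcess($chm, "Move to $dest")) {
        Move-Item -LiteralPath $chm -Destination $dest
        Write-Host "Moved: $chm -> $dest"
    }
}
```

Reinstalling or updating 7-Zip will put the help file back, so rerun the script after an update if you want to keep it out of the install directory.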
HavoX Posted April 23, 2022 (edited)

Thanks for posting this, I already deleted 7-zip.chm a few days ago. I really hope this gets addressed soon.
PasokonDeacon Posted April 23, 2022

Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.
Frost-Core Posted April 23, 2022

Just now, PasokonDeacon said: Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.

Also, I notice that ZDaemon has these files.
Frost-Core Posted April 23, 2022

Just now, DannyMan said: I use WinRAR, is that fine?

According to ReviewGeek there is a similar exploit that affected WinRAR rather recently, but I think it's patched.
reefer Posted April 23, 2022

What about macOS users? Are they safe? Thanks for letting us know.
Frost-Core Posted April 23, 2022

Just now, PrismaticFrog said: What about macOS users? Are they safe? Thanks for letting us know.

Probably yes, since 7-Zip is for Windows only, I think.
reefer Posted April 23, 2022 (edited)

2 minutes ago, Frost-Core said: Probably yes, since 7-Zip is for Windows only, I think.

I swore I downloaded it a while back... oh wait, it was a terminal utility. From your description it sounds like 7-Zip on Windows isn't, so I assume they are safe.
Stabbey Posted April 23, 2022

Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop.

And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?
Frost-Core Posted April 23, 2022 (edited)

Just now, Stabbey said: Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop. And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?

It does work if you move it out. This exploit is huge for people without passwords.
Graf Zahl Posted April 23, 2022

I'd say the threat is non-existent for virtually all private users. Where this may be an issue is only systems where a user with a restricted account could give themselves elevated privileges, but really nothing else. So it may be an issue in some workplaces where admin access is limited to designated people.

BTW, the whole thing is already marked "disputed", so I smell bullshit.
Azuris Posted April 23, 2022

Nobody needs to get crazy and panic here. To execute this attack somebody actually needs physical access to your PC and your account password, or remote access. If somebody has this, there are endless ways to screw your machine up.
Frost-Core Posted April 24, 2022

If you don't have a password (most idiots don't have a password on their PCs) then you are completely dead, or if you give your "friend" access to your PC, that too!
dasho Posted April 25, 2022

On 4/23/2022 at 2:03 PM, Azuris said: Nobody needs to get crazy and panic here. To execute this attack somebody actually needs physical access to your PC and your account password, or remote access. If somebody has this, there are endless ways to screw your machine up.

Or just trick someone into performing the actions of their own accord, like most schemes.
Azuris Posted April 25, 2022

10 hours ago, dasho said: Or just trick someone into performing the actions of their own accord, like most schemes.

Yep, but then they can accomplish all access much more easily than that ;) It is more interesting for man-in-the-middle attacks, if you want to get through a restricted account to Administrator. But there are other, more reliable ways to get that, if you have such access to a system.
dasho Posted April 25, 2022

2 hours ago, Azuris said: Yep, but then they can accomplish all access much more easily than that ;) It is more interesting for man-in-the-middle attacks, if you want to get through a restricted account to Administrator. But there are other, more reliable ways to get that, if you have such access to a system.

What are you talking about? If you're already on a box, you're going to be trying to dump credentials or do privilege escalation, not a man-in-the-middle attack. And phishing remains one of the easiest and most reliable ways to get remote access to a system. All you have to do is play the numbers game.