Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
Frost-Core

New Windows 7-Zip Exploit Allows for Administrator Privliges

Recommended Posts

Posted (edited)

NOTE : This applies for Windows Only, Linux users use a Archive Manager so it does not apply, and this is not a joke

 

The Exploit

 

So recently a new exploit for the popular Open Source Software program for Microsoft Windows "7-Zip" has been found, it involves using the help files of 7-zip, if you drag a 7z file to the "Contents" Window of 7-zip, it will open you access to administrator privileges, which is of course not good since you can delete anything inside of your root filesystem.

This is known as the CVE-2022-29072 exploit

 

Workaround

 

The Workaround involves deleting the help files entirely, to do this delete :

C:\Program Files\7-zip\7-zip.chm

If you can not find the file make sure that "Hide extensions for know file types" is disabled, you can find it in folder options.

 

Share this post


Link to post
Posted (edited)

Thanks for posting this, I already deleted 7-zip.chm a few days ago.

 

I really hope this gets addressed soon.

Share this post


Link to post

Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.

Share this post


Link to post
Just now, PasokonDeacon said:

Thank you for the heads up. I'm surprised they still include those help files given how much is provided on the official site, but whatever. CHM help files are such a relic at this point.

also i notice that zdaemon has these files.

Share this post


Link to post
Just now, DannyMan said:

I use WinRAR, is that fine?

according to reviewgeek there is a simillar exploit that affected winrar rather recently, but i think its patched.

Share this post


Link to post
Just now, PrismaticFrog said:

what about macos users? are they safe?

 

thanks for letting us know

probably yes, since 7zip is for windows only i think.

Share this post


Link to post
Posted (edited)
2 minutes ago, Frost-Core said:

probably yes, since 7zip is for windows only i think.

I swore I downloaded it a while back

oh wait it was a terminal utility, from your description it sounds like 7-zip on windows isn't

so I assume they are safe

Share this post


Link to post

Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop.

 

And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?

Share this post


Link to post
Posted (edited)
Just now, Stabbey said:

Is this an exploit that can be used by people over the Internet? Because the way this is phrased, it sounds like the exploiter has to physically be at your computer already to do the drag-and-drop.

 

And not that I care much about keeping the CHM, but do you need to delete the CHM entirely, or would just moving it out of the directory where the program expects to look for it also work?

it does work if you move it out.

this exploit is huge for people without passwords.

Share this post


Link to post

I'd say the threat is non-existent for virtually all private users.

 

Where this may be an issue is only systems where a user with a restricted account could give themselves elevated privileges, but really nothing else. So for it may be an issue in some workplaces where admin access is limited to designated people.

 

BTW, the whole thing is already marked "disputed", so I smell bullshit.

 

 

Share this post


Link to post

Nobody needs to get crazy and in panic here.

 

To execute this Attack somebody needs actually physical Accsess to your PC and your Account Password or a remote Accsess.

 

If somebody has this, there are endless Ways to screw your Machine up.

 

Share this post


Link to post

If you don't have a password (most idiots don't have a password on their pcs) then you are complete dead, or if you give your "friend" access to your pc, that too!

Share this post


Link to post
On 4/23/2022 at 2:03 PM, Azuris said:

Nobody needs to get crazy and in panic here.

 

To execute this Attack somebody needs actually physical Accsess to your PC and your Account Password or a remote Accsess.

 

If somebody has this, there are endless Ways to screw your Machine up.

 

 

Or just trick someone into performing the actions of their own accord, like most schemes.

Share this post


Link to post
10 hours ago, dasho said:

 

Or just trick someone into performing the actions of their own accord, like most schemes.

 

Yep, but then they can accomplish all Accsess much easier than that ;)

 

It is more interesting for Man in the Middle Attacks, if you want to get through a restricted Account to Administrator.

But there are other more reeliable Ways to get that, if you have such Accsess to a System.

Share this post


Link to post
2 hours ago, Azuris said:

 

Yep, but then they can accomplish all Accsess much easier than that ;)

 

It is more interesting for Man in the Middle Attacks, if you want to get through a restricted Account to Administrator.

But there are other more reeliable Ways to get that, if you have such Accsess to a System.

 

What are you talking about? If you're already on a box, you're going to be trying to dump credentials or do privilege escalation, not a man in the middle attack.

 

And phishing remains one of the easiest and most reliable ways to get remote access to a system. All you have to do is play the numbers game.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×