7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
License: GNU General Public License v3.0
Merhaba Kağan Bey
Bu sorunu kaspersky öneresinde buldum ve github linki ile sizin çalışmanızı gördüm bunun için size teşekkür ederim . Ben büyük bir .exe çalıştırdım ve kuruşum dosyalarında bahsedilen dosya bulunuyordu şayet ben 7zip kullanmıyorum Winrar kullanıyordum
ve akabinde direk sildim şuan sanırım kurtuldum sizlerede danışmak istedim
Çalışmalarınız için tebrik ederim iyi çalışmalar
Hey bro,
I can't reproduce in my environment. Some files appear to be missing. Would you kindly upload the privesc part?
I can't reproduce the problem described in your video. what is the "privese.exe"? Is this what caused it?
按照视频中的程序跑了一下,不存在这个提权行为,权限还是原来的普通用户权限 测试来源win10 21h2 7z版本目前最新的测试版,难道说有通过其他的方式来利用或者说是的方式有误吗 视频中的文件可否发一下
Not sure how much this vulnerability is real but there are some things going on:
See: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072
See also: https://sourceforge.net/p/sevenzip/discussion/45797/thread/65ce9ab4cb/
Like the title, the POC said you must drag the malicious html file into content area. Without GUI, the exploit is not happend ?
Please Sir,
i want learn more about this attack can u send privesc code on private?
the wording "7-Zip through 21.07" is not clear
I think it'll be informative to make it more understandable if there is a safe version
Please sir show the code!
The mitigation steps don't quite make sense to me, because if someone really wanted to exploit this, they would just have to download the affected 7zip executable, the affected chm file, and the specifically crafted 7z file to any system, and voila. So that means there really is no mitigation to this other than, maybe, application blacklisting?
Am I missing something?
Expanding on the above, that means it would be far easier for someone to create a malicious dll file that explots the inherent vulnerability in Microsoft's CHM system, and then you have an exploit that doesn't depend on 7zip at all. This means that the vulnerability isn't really with 7zip at all, but with Microsoft, and there is no type of mitigation until Microsoft patches it.
Linkedin private message, see hope to reply to exchange
there is 7-zip 22.00
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.
