CVE-2022-29072

Description from NVD

** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur.

Information Acquisition Date:2022-05-03T14:56Z

CVSS 2.0: 7.2 HIGH CVSS 3.x: 7.8 HIGH

▼ CVSS3 Vec CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV)	Network	Adjacent	Local	Physical
Attack Complexity (AC)	LOW	High
Privileges Required (PR)	None	Low	High
User Interaction (UI)	None	Required
Scope (S)	Unchange	Change
Confidentiality (C)	None	Low	High
Integrity (I)	None	Low	High
Availability (A)	None	Low	High

▼ CVSS2 Vec AV:L/AC:L/Au:N/C:C/I:C/A:C

Attack Vector (AV)	Network	Adjacent	Local
Access Complexity (AC)	Low	Medium	High
Authentication (Au)	None	Single	Multiple
Confidentiality (C)	None	Partial	Complete
Integrity (I)	None	Partial	Complete
Availability (A)	None	Partial	Complete

NVD References

https://sourceforge.net/p/sevenzip/bugs/2337/
source:MISC
tags:Exploit Issue Tracking Third Party Advisory

https://www.youtube.com/watch?v=sT1cvbu7ZTA
source:MISC
tags:Exploit Third Party Advisory

https://github.com/kagancapar/CVE-2022-29072
source:MISC
tags:Exploit Third Party Advisory

https://news.ycombinator.com/item?id=31070256
source:MISC
tags:Issue Tracking Third Party Advisory

http://packetstormsecurity.com/files/166763/7-Zip-21.07-Code-Execution-Privilege-Escalation.html
source:MISC
tags:Broken Link

This vulnerability may involve a PoC.

Refer to Information on External Sites

CVE Infomation	Exploits or more Infomation
mitre	EXPLOIT DATABASE
NVD	0day.today
vulmon.com	github
CVE Details	Twitter
JVN ENG JPN
Reconshell

Software Tag:

List of frequently cited URLs

URL	Num of Times Referred to
https://cvetrends.com	54
https://www.exploit-db	14
https://securityonline.info/cve-2022-29072-7-zip-privilege-...	5
https://news.ycombinator.com/item?id=31070256	5
https://tweetedtimes.com/H4ckManac?s=tnp	4
https://www.nichepcgamer.com/archives/7-zip-vulnerability-c...	4
https://github.com/kagancapar/CVE-2022-29072	3
https://twitter.com/MeAsHacker_HNA/status/1515533146636312587	3
https://socprime.com/blog/cve-2022-29072-detection-flaw-in-...	3
https://www.techspot.com/news/94248-7-zip-zero-day-vulnerab...	3

Information from Twitter

User	URL	Info Source	Date
wdormann	https://nvd.nist.gov/vuln/detail/cve-2022-29072	Source wdormann 1646496206028173312	2023/04/13
wdormann	https://twitter.com/wdormann/status/1646496206028173312/pho...	Source wdormann 1646496206028173312	2023/04/13

List of frequently cited URLs

URL	Num of Times Referred to
cvetrends.com	54
www.exploit-db	14
securityonline.info	5
news.ycombinator.com	5
tweetedtimes.com	4
www.nichepcgamer.com	4
github.com	3
twitter.com	3
socprime.com	3
www.techspot.com	3

Information from Twitter

User	URL	Info Source
wdormann	nvd.nist.gov	Show Tweet
wdormann	twitter.com	Show Tweet

GitHub Search Results: Up to 10

Name	URL
kagancapar/CVE-2022-29072	https://github.com/kagancapar/CVE-2022-29072
sentinelblue/CVE-2022-29072	https://github.com/sentinelblue/CVE-2022-29072
tiktb8/CVE-2022-29072	https://github.com/tiktb8/CVE-2022-29072

GitHub Search Results: Up to 10

Name	URL
kagancapar/CVE-2022-29072	github.com
sentinelblue/CVE-2022-29072	github.com
tiktb8/CVE-2022-29072	github.com

2023/04/13 Score : 0
Added Har-sia Database : 2022/04/16
Last Modified : 2023/04/13
Highest Scored Date : 2022/04/18
Highest Score : 64