Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-29072
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
7-Zip 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
7-Zip是一个压缩软件。 7-Zip 21.07存在安全漏洞,该漏洞允许在扩展名为 .7z 的文件被拖到帮助>内容区域时进行权限升级和命令执行。这是由 7z.dll 配置错误和堆溢出引起的。该命令在7zFM.exe进程下的子进程中运行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
-n/a n/a -
II. Public POCs for CVE-2022-29072
#POC DescriptionSource LinkShenlong Link
17-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.https://github.com/kagancapar/CVE-2022-29072POC Details
2Powershell to mitigate CVE-2022-29072https://github.com/tiktb8/CVE-2022-29072POC Details
3** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that no privilege escalation can occur.https://github.com/sentinelblue/CVE-2022-29072POC Details
47-Zip CVE-2022-29072 Mitigation - CHM file - This script detects if the .chm file exists and removes it.https://github.com/Phantomiman/7-Zip.chm-MitigationPOC Details
5Nonehttps://github.com/rasan2001/CVE-2022-29072POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2022-29072
Please Login to view more intelligence information
IV. Related Vulnerabilities
Same product: n/a
Same vendor: n/a
V. Comments for CVE-2022-29072

No comments yet

Leave a comment