VDB

CISA-2022-29072

CISA-2022-29072 PUBLISHED

Reported by mitre · Published April 15, 2022

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur

Affected Products

VendorProductVersions
n/an/an/a
n/an/an/a, n/a

Timeline

  • Apr 15, 2022 CVE Published
  • Jun 9, 2025 CVE Updated

References

  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
  • x_refsource_MISC
Open in Interactive Console →
$ Console Community · 100/wk Open console ›