VDB
CISA-2022-29072
CISA-2022-29072
PUBLISHED
Reported by mitre · Published April 15, 2022
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a |
Timeline
- Apr 15, 2022 CVE Published
- Jun 9, 2025 CVE Updated