VDB

CVE-2022-29072

CVE-2022-29072 PUBLISHED CVSS 7.800000190734863 HIGH

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process.

EPSS 18.89% · 95.4th percentile

Risk Scores

CVSS 3.1
7.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
EPSS Score
18.89%
95.4th percentile

Affected Products

VendorProductVersions
ABBABB 800xA for Symphony Plus Harmony <=6.2
ABBABB 800xA History <=7.0
ABBABB 800xA for AC 870P Melody <=6.2
ABBABB Batch Management <=6.2
ABBABB Production Response Batch History <=6.2
ABBABB Application Change Management <=6.2

Exploit Intelligence

…and 60 more exploits

Timeline

  • Apr 15, 2022 CVE Published
  • Apr 16, 2022 EPSS Score
  • Jul 26, 2022 EPSS Score
  • Sep 14, 2022 EPSS Score
  • Dec 24, 2022 EPSS Score
  • Feb 12, 2023 EPSS Score
  • Apr 3, 2023 EPSS Score
  • Jul 12, 2023 EPSS Score
  • Aug 31, 2023 EPSS Score
  • Dec 10, 2023 EPSS Score
  • Mar 19, 2024 EPSS Score
  • May 8, 2024 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›