7-Zip through version 21.07 allows privilege escalation and command execution when a file with the .7z extension is dragged into the Help>Contents window. The vulnerability is being tracked as CVE-2022-29072.
7-Zip is a free and open-source file archiver for Windows, macOS, and Linux.
The zero-day vulnerability in 7-Zip is attributed to a misconfiguration of 7z.dll and a heap overflow. The Help>Contents window is rendered through the Windows HTML Help file. An attacker with low privileges on the system can exploit the vulnerability by opening the Help window in 7-Zip under Help->Contents and dragging a malicious .7z file into the window. This creates a child process under the 7zFM.exe process.
Exploiting the vulnerability allows an attacker to execute commands with SYSTEM privileges on a vulnerable target.
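As an added illustration that is not part of this advisory, the following check turns the child-process behaviour described above into detection logic: it runs over constructed Sysmon Event ID 1 (process creation) records and flags a command interpreter whose parent is 7zFM.exe. The Sysmon field names are real; the sample records and the interpreter list are assumptions made for the example.

```python
import ntpath

# Constructed Sysmon Event ID 1 (process creation) records for illustration;
# not captured from a real host. Field names follow Sysmon's schema.
SAMPLE_EVENTS = [
    {   # Expected: the File Manager opens its HTML Help file via hh.exe
        "EventID": 1,
        "Image": r"C:\Windows\hh.exe",
        "ParentImage": r"C:\Program Files\7-Zip\7zFM.exe",
        "CommandLine": r'"C:\Windows\hh.exe" "C:\Program Files\7-Zip\7-zip.chm"',
        "User": r"DESKTOP\alice",
    },
    {   # Suspicious: a command interpreter spawned directly under 7zFM.exe
        "EventID": 1,
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Program Files\7-Zip\7zFM.exe",
        "CommandLine": "cmd.exe /c whoami",
        "User": r"DESKTOP\alice",
    },
    {   # Unrelated: same interpreter, different parent, so not flagged
        "EventID": 1,
        "Image": r"C:\Windows\System32\cmd.exe",
        "ParentImage": r"C:\Windows\explorer.exe",
        "CommandLine": "cmd.exe",
        "User": r"DESKTOP\alice",
    },
]

# Assumed list of interpreters a defender would not expect under 7zFM.exe.
INTERPRETERS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
                "cscript.exe", "mshta.exe"}

def _exe_name(path):
    """Lower-cased file name of a Windows path (handles backslashes)."""
    return ntpath.basename(path).lower()

def is_suspicious(event):
    """True for a process-creation event whose parent is 7zFM.exe and
    whose image is one of the interpreters above."""
    return (event.get("EventID") == 1
            and _exe_name(event.get("ParentImage", "")) == "7zfm.exe"
            and _exe_name(event.get("Image", "")) in INTERPRETERS)

def find_suspicious(events):
    """Return the matching events, in input order."""
    return [e for e in events if is_suspicious(e)]

if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT user={e['User']} parent={e['ParentImage']} "
              f"child={e['Image']} cmd={e['CommandLine']}")
```

On a real host the same function can be fed the parsed EventData of Sysmon Event ID 1 records; the expected hh.exe child is deliberately left unflagged so normal use of Help does not alert.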
Affected versions
7-Zip through 21.07 on Windows.
Mitigation
The vendor has not released a patch yet; for more information, please refer to CVE-2022-29072.
Qualys Detection
Qualys customers can scan their devices with QID 376545 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage on the latest vulnerabilities.
References
https://github.com/kagancapar/CVE-2022-29072
https://securityonline.info/cve-2022-29072-7-zip-privilege-escalation-vulnerability/