7-ZIP through version 21.07 allows privilege escalation and command execution when a file with .7z extension is dragged to the Help>Contents area. The vulnerability is being tracked as CVE-2022-29072. 7-Zip is a free and open-source file archiver for Windows, macOS, and Linux. The zero-day vulnerability in 7-zip is due to misconfiguration of 7z.dll … Continue reading “7-Zip Privilege Escalation and Command Execution Zero-day Vulnerability (CVE-2022-29072)”