One of the oldest archiving applications, 7-Zip, has been discovered to have a zero-day security vulnerability, which allows command execution and privilege escalation. This means that attackers can get administrator access to the victim’s computer and install/run suspicious apps.
Although 7-Zip is a cross-platform program, this security vulnerability is specific to Windows since it relies on 7-Zip’s interaction with the Windows help program.
This new 7-Zip Windows vulnerability was found by a GitHub user named Kagancapar, and it has reference CVE-2022-29072.
The current Windows v21.07 version of the 7-Zip app still doesn’t have the patch for the security issue shown above. If you’re worried about the security issue potentially affecting your PC, here are two things you may do to deal with the problem:
- If there’s still no 7-Zip update available, you may delete the ‘7-zip.chm’ file to close the door used by the vulnerability.
- Make sure the 7-Zip app and all its users only have read and run permissions.
Source: Tom’s Hardware