The current version 21.07 and earlier of the free pack program 7-Zip has a security vulnerability that is listed under CVE-2022-29072. This vulnerability can result in a manipulated input allowing elevated rights to be executed.
This can also be done over a network. Generally speaking, the vulnerability can be executed via the 7-zip.chm, i.e. the help file, contained in the folder. If you want to know more about it, you can Post on GitHub read through and watch the short video. The CVE-2022-29072 has been in use since April 12th, 2022 and was published yesterday, April 16th. released. Until 7-Zip is updated, there is a very simple way to close the gap.
Workaround:
- In the 7-Zip folder simply the Delete 7-zip.chm. This is only included as a help file, as we know it from many programs.
- Another variant would be: 7-zip should only have read and execute rights. (For all users)
[related_posts_by_tax taxonomies=”post_tag”]
The post 7-Zip with a security vulnerability (CVE-2022-29072) that can be fixed for now appeared first on Gamingsym.