CVE-2022-29072
Published: Apr 15, 2022
Modified: Jun 9, 2025
PUBLISHED
Description
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://sourceforge.net/p/sevenzip/bugs/2337/
x_refsource_MISC
https://www.youtube.com/watch?v=sT1cvbu7ZTA
x_refsource_MISC
https://github.com/kagancapar/CVE-2022-29072
x_refsource_MISC
https://news.ycombinator.com/item?id=31070256
x_refsource_MISC