
7-Zip Free File Archiver

Product
Year of first release: 1999

7-Zip is a free file archiver.

2022: Vulnerability that allows user privileges to be raised to administrator level

On April 19, 2022, it became known that the 7-Zip archiver could be used to compromise computers, Tom's Hardware reports. It contains a dangerous vulnerability which, if successfully exploited, can raise a user's rights on a computer to administrator level. The problem was first identified by a GitHub user under the alias Kagancapar.

As reported, the problem affects only the Windows version of 7-Zip. Users of other operating systems, including Linux and macOS, are not affected by this vulnerability.

The vulnerability received the identifier CVE-2022-29072. It is present in all current versions of the archiver, including 21.x. As of April 19, 2022, there was no patch for it: the latest stable build of 7-Zip was released at the end of December 2021 and is numbered 21.07.

Windows users who archive files using 7-Zip may remain at risk of compromise through the archiver for a long time. The developers are in no hurry to admit that the problem lies in their own product and prefer to blame Microsoft. The latter, by the way, left the Russian market in the spring of 2022, and its GitHub began blocking users from Russia in April 2022.

According to the developers, it is not 7-Zip itself that is to blame but a third-party process, Microsoft HTML Helper (hh.exe). Researchers, as well as Kagancapar, the GitHub user who discovered the vulnerability, believe that hh.exe, if it is involved in exploitation at all, is involved only very indirectly.

Cybercriminals can exploit CVE-2022-29072 using a special file with the .7z extension, the archive format that 7-Zip works with by default. To do this, it is enough to drag this file onto the area of the archiver's GUI that is displayed when you open the Contents submenu in the Help menu.

At this point the 7zFM.exe process begins to fail, and a buffer overflow occurs in it. According to the researchers, the rights to use the 7z.dll library also play a part. Together, all this gives attackers the opportunity to obtain administrator rights on the victim's PC.

The Microsoft HTML Helper application is indeed indirectly related to the problem found in 7-Zip. The archiver's help file is stored in .chm format, which is commonly used for this type of document, and it is opened by hh.exe.

Actually, Microsoft's involvement in the problem is limited to this alone. The failure itself and the possibility of exploiting the vulnerability manifest themselves when manipulating the help menu.

The workaround is very simple and does not require significant effort or in-depth knowledge from users. They only need to delete the help file, called 7-zip.chm, located in the archiver's installation directory. According to Tom's Hardware, this is enough to protect against compromise through exploitation of CVE-2022-29072. The only drawback is that users will lose access to the archiver's reference materials, but they are unlikely to consult them on a daily basis.

There is a second, slightly more complex, method that does not require deleting the help file. For each user profile present on the PC, access rights to 7-Zip should be limited to read and execute only.

After the update that closes the vulnerability is released, the restrictions on access rights to the archiver can be removed. However, as of April 19, 2022, the developers had not disclosed its release date[1].
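
Both workarounds described above can be checked on a host with a short PowerShell script. This is an added example, not code from the article or from the 7-Zip project; the `HKLM:\SOFTWARE\7-Zip` `Path` registry value, the `Program Files` fallback, the `-RemoveHelp` switch and the list of trusted SIDs are assumptions.

```powershell
param([switch]$RemoveHelp)   # hypothetical switch: delete the help file when set

# Assumption: the installer records its directory in this registry value;
# fall back to the default location if the key is missing.
$dir = (Get-ItemProperty 'HKLM:\SOFTWARE\7-Zip' -ErrorAction SilentlyContinue).Path
if (-not $dir) { $dir = Join-Path $env:ProgramFiles '7-Zip' }
if (-not (Test-Path -LiteralPath $dir)) { Write-Output "7-Zip not found in $dir"; return }

# Report the installed build from the file manager binary named in the article.
$fm = Join-Path $dir '7zFM.exe'
if (Test-Path -LiteralPath $fm) {
    Write-Output "7zFM.exe version: $((Get-Item -LiteralPath $fm).VersionInfo.ProductVersion)"
}

# Workaround 1: 7-zip.chm should be absent from the installation directory.
$chm = Join-Path $dir '7-zip.chm'
if (-not (Test-Path -LiteralPath $chm)) {
    Write-Output 'Help file: absent'
} elseif ($RemoveHelp) {
    Remove-Item -LiteralPath $chm -Force          # needs an elevated session
    Write-Output "Help file: removed $chm"
} else {
    Write-Output "Help file: PRESENT at $chm (rerun with -RemoveHelp)"
}

# Workaround 2: non-administrative accounts should hold read and execute only.
# The mask covers write-type rights plus GENERIC_WRITE and GENERIC_ALL, which
# inherited directory ACEs may carry as raw bits.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$mask   = [int]$rights -bor 0x40000000 -bor 0x10000000
# SYSTEM, Administrators, CREATOR OWNER, TrustedInstaller
$trusted = 'S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'

# Ask for SIDs rather than names so the check works on localized Windows.
$sidType = [System.Security.Principal.SecurityIdentifier]
$loose = (Get-Acl -LiteralPath $dir).GetAccessRules($true, $true, $sidType) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $trusted -notcontains $_.IdentityReference.Value -and
        ([int]$_.FileSystemRights -band $mask)
    }

if ($loose) {
    $loose | ForEach-Object {
        Write-Output "Writable by $($_.IdentityReference.Value): $($_.FileSystemRights)"
    }
} else {
    Write-Output 'ACL: only trusted principals can modify the directory'
}
```

Run without arguments, the script only reports; the ACL check reads the installation directory itself, so per-file ACEs that differ from the directory's are not covered.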

Notes