CVE-2022-29072 #262
Comments
After just reading about this, I personally think the file is redundant. I can't remember the last time I used a Microsoft hasn't touched this help method since the early 2000s. It's much like other pieces of Windows. Abandoned and only there for archaic and ancient software that IT departments refuse to let go of. It's easier and safer to use a
I will upload a OK.
Just to dump the old chm file seems a bad solution to me.
It's currently disputed. From the outside, Igor thinks there is no issue because there is nothing to fix. It's been called a "hoax" and "nothing has been proven" from various third parties. Though few are named or have spoken up from what I could find.
The 2015 incident in Japan was an already crafted help file that did its deeds once opened. This is drag and drop. You have to have physical access to the computer or at least remote control (screen + mouse) to be able to do anything. If the threat is real, then there is a small risk to begin with. But more to the point, when I attempt this, I get my account returned. How others have got NT/System returned I do not know.
I've read through a lot of comments in linked material that's spawned over the last few days. I tweeted out to someone that says he's a security researcher. There is no privilege escalation, or if there is, this is not the fault of 7z.
The documentation for the escalation example doesn't include what the author claims is the real problem. When pressed for more information, there is either a language breakdown of explanation or it genuinely doesn't make any sense. The comments are no longer visible because he's been flagged for rule breaking. Given how there is a lot of skepticism and unclear information, I'm leaning more towards this is not as big of a problem as it was made out to be.
7-zip can unpack
Just wanted to comment on this that, yes, at least when trying to launch an embedded HTA application script it causes the ActiveX control warning. However, for me the xxe injection does not cause such a warning, and, in the affected versions of 7-Zip, can retrieve the content of files the user can read.
This project will mainly add some codecs to 7-Zip.
Upstream 7-Zip through 21.07 is vulnerable to CVE-2022-29072, which allows privilege escalation and command execution. See https://github.com/kagancapar/CVE-2022-29072 for details.
7-Zip-zstd is probably also vulnerable to this exploit.
Besides this exploit, should we consider removing the .chm file and the Help feature entirely from this fork?