7-Zippin’ My Way To Admin

Kyle McCray
April 21, 2022

Share This Post

A new zero-day vulnerability (CVE-2022-29072) has been discovered allowing easy privilege escalation and command execution. A simple drag and drop is all that is needed to complete this. Researchers have found when a file with the .7z extension is dragged to the Help>Contents area it causes a heap overflow in 7zFM.exe which results in privilege escalation (usually to Admin). 7zip has yet to patch the vulnerability however two known mitigations are available:

Deleting the 7-zip.chm file.
7-zip should only be allowed to have read and run permissions for all users.

However it must be noted that this vulnerability is disputed as of writing this article.

Links: https://github.com/sentinelblue/CVE-2022-29072

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072

Reach out to our incident response team for help

7-zip, Critical, Disputed, privesc, vulnerability

More To Explore

Information Security News – 4/20/2026

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users Article Link: https://thehackernews.com/2026/04/108-malicious-chrome-extensions-steal.html Fake Ledger Live App on Apple’s App Store Stole $9.5M

Jo Moldenhauer April 20, 2026

Information Security News – 4/6/2026

FBI Declares Suspected Chinese Hack of U.S. Surveillance System a ‘Major Cyber Incident’ Article Link: https://www.politico.com/news/2026/04/01/fbi-hack-surveillance-system-major-incident-00854237?ref=readtangle.com Researchers Observe Sub-One-Hour Ransomware Attacks Article Link: https://www.infosecurity-magazine.com/news/researchers-subonehour-ransomware/ New

Jo Moldenhauer April 6, 2026

7-Zippin’ My Way To Admin

Share This Post

More To Explore

Information Security News – 4/20/2026

Information Security News – 4/6/2026

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.

Follow Us:

Privacy Policy

© 2026 FRSecure LLC