7-Zippin’ My Way To Admin

Share This Post

A new zero-day vulnerability (CVE-2022-29072) has been discovered allowing easy privilege escalation and command execution. A simple drag and drop is all that is needed to complete this. Researchers have found when a file with the .7z extension is dragged to the Help>Contents area it causes a heap overflow in 7zFM.exe which results in privilege escalation (usually to Admin). 7zip has yet to patch the vulnerability however two known mitigations are available:

  1. Deleting the 7-zip.chm file.
  2. 7-zip should only be allowed to have read and run permissions for all users.

However it must be noted that this vulnerability is disputed as of writing this article.

Links: https://github.com/sentinelblue/CVE-2022-29072

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072



Reach out to our incident response team for help

More To Explore

Information Security News – 07/06/26

SharePoint RCE CVE-2026-45659 Added to CISA KEV After Active Exploitation Article Link: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html ‘Djinn’ Stealer Targets Cloud, AI Credentials Article Link: https://www.darkreading.com/cyberattacks-data-breaches/djinn-stealer-targets-cloud-ai-credentials ChocoPoC Malware Targets

Information Security News – 6/29/26

SimpleHelp Bug Lets Hackers Create Rogue Remote Support Accounts Article Link: https://www.bleepingcomputer.com/news/security/simplehelp-bug-lets-hackers-create-rogue-remote-support-accounts/ New macOS ClickFix Attack Silently Mounts DMGs to Push Infostealer Article Link: https://www.bleepingcomputer.com/news/security/new-macos-clickfix-attack-silently-mounts-dmgs-to-push-infostealer/

Do You Want to Shore Up Your Defenses?

We're opening our first round of threat hunting engagements to 100 organizations. Sign up or join the wait list here.