Guru3D.com
  • HOME
  • NEWS
    • Channels
    • Archive
  • DOWNLOADS
    • New Downloads
    • Categories
    • Archive
  • GAME REVIEWS
  • ARTICLES
    • Rig of the Month
    • Join ROTM
    • PC Buyers Guide
    • Guru3D VGA Charts
    • Editorials
    • Dated content
  • HARDWARE REVIEWS
    • Videocards
    • Processors
    • Audio
    • Motherboards
    • Memory and Flash
    • SSD Storage
    • Chassis
    • Media Players
    • Power Supply
    • Laptop and Mobile
    • Smartphone
    • Networking
    • Keyboard Mouse
    • Cooling
    • Search articles
    • Knowledgebase
    • More Categories
  • FORUMS
  • NEWSLETTER
  • CONTACT

New Reviews
Sapphire Radeon RX 7600 PULSE review
Gainward GeForce RTX 4060 Ti GHOST review
Radeon RX 7600 review
ASUS GeForce RTX 4060 Ti TUF Gaming review
MSI GeForce RTX 4060 Ti Gaming X TRIO review
GeForce RTX 4060 Ti 8GB (FE) review
Corsair 2000D RGB Airflow Mini-ITX - PC chassis review
ASUS PG27AQDM Review - 240Hz 1440p OLED monitor
MSI MAG X670E Tomahawk WiFi review
Mountain Makalu Max mouse review

New Downloads
CPU-Z download v2.06
AMD Radeon Software Adrenalin 23.5.1 WHQL download
GeForce 532.03 WHQL driver download
AMD Chipset Drivers Download 5.05.16.529
Corsair Utility Engine Download (iCUE) Download v5.1 (5.1.1114 )
CrystalDiskInfo 9.0.0 RC3 Download
Intel ARC graphics Driver Download Version: 31.0.101.4369
Display Driver Uninstaller Download version 18.0.6.4
HWiNFO Download v7.46
7-Zip v23.00 Download


New Forum Topics
Review: NVIDIA GeForce RTX 4060 Ti 8GB (Founders edition) Amernime Zone AMD Software: Adrenalin / Pro Driver - Discovery Remix 23.4.2 WHQL [Omega 23.5.1 WIP] NVIDIA GeForce Game Ready 532.03 WHQL Download & Discussion Kingston Releases High Endurance SSD "DC600M" Series with Up to 7.68TB Storage Capacity Intel's 14th Generation Meteor Lake Processors: Emphasizing AI and Energy Efficiency EVGA has terminated its partnership with Nvidia , which brand to use ? AMD Software: Adrenalin Edition 23.5.1 - Driver Download and Discussion ASUS Shows ROG Rapture GT-BE98 WiFi 7 Router Old nvidia driver running new games Windows 10 - Tips and Tweaks




Guru3D.com » News » 7-Zip compression program,software contains a severe vulnerability.

7-Zip compression program,software contains a severe vulnerability.

by Hilbert Hagedoorn on: 04/22/2022 06:39 PM | source: hd-tecnologia | 41 comment(s)
7-Zip compression program,software contains a severe vulnerability.

What makes the threat particularly dangerous is not just because it is being utilized, but also because it allows a person to remotely execute malware on an computer.

7-zip, one of the world's most popular file compressors, contains a zero-day vulnerability that might allow an attacker to get administrator access. Although compression software is available for many platforms, it appears that the CVE-2022-29072 flaw now affects just Windows users. The discoverer, a GitHub user called Kagancapar, detailed how the weakness works and provided a video illustrating how it may be abused. According to the researcher, the problem, which may be ascribed to the way the Windows assistance system works, is not solely the responsibility of the 7-Zip creators. An attacker just has to generate a file with the.7z extension, which, when dragged onto the program's help page, offers the ability to execute code on the system with administrator rights.


According to Kangacapar, the obligation of the designers of 7-Zip comes when, after dragging the file, the executable ends up with certain access capabilities that it should not have. The issue affects all Windows versions of the application, including the most recent (21.97), which has yet to be patched.

To protect yourself, remove the 7-zip.chm file from the program installation location or restrict its read and write rights. In the latter instance, the setting must be performed on all users who have access to the computer in order to ensure its security. Commenting on the issue, the fact that the problem has been made public should encourage the deployment of a remedy as soon as possible. The tool was released in 1999 as a free alternative to popular alternatives such as WinRAR and is now available in 89 languages for Windows, BSD, MacOS, Linux, and ReactOS.

 







« Review: Deepcool CK560 chassis · 7-Zip compression program,software contains a severe vulnerability. · Advertisement: April sale: best price Genuine lifetime computer software Windows 10 $12 and Office $25 »

9 pages 1 2 3 4 > »


clopezi
Junior Member



Posts: 15
Joined: 2020-09-03

#6011509 Posted on: 04/22/2022 06:47 PM
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072

Apparently, the CVE it's disputed...

GamerNerves
Senior Member



Posts: 354
Joined: 2016-10-22

#6011519 Posted on: 04/22/2022 07:22 PM
What are the best alternatives to this program besides WinRAR? I'm curious if I should try something else.

Mannerheim
Senior Member



Posts: 4903
Joined: 2004-01-24

#6011520 Posted on: 04/22/2022 07:25 PM
What are the best alternatives to this program besides WinRAR? I'm curious if I should try something else.

. ARJ :D

Alessio1989
Senior Member



Posts: 2648
Joined: 2015-06-11

#6011522 Posted on: 04/22/2022 07:26 PM
What are the best alternatives to this program besides WinRAR? I'm curious if I should try something else.

Just keep using this program. Just because there is vulnerability doesn't mean you can trigger it in practice. The fact there is even a dispute means it's far than straightforward to trigger it.

Astyanax
Senior Member



Posts: 15700
Joined: 2018-03-21

#6011523 Posted on: 04/22/2022 07:29 PM
There is no exploitable issue here, the reportee is actually trying to profit on a vulnerability that doesn't exist.

9 pages 1 2 3 4 > »


Post New Comment
Click here to post a comment for this news story on the message forum.


Guru3D.com © 2023