
Filed under CVE-2022-29072, the vulnerability uses the included 7-Zip Help file, 7-zip.chm, for the exploit. Attackers need to drag and drop files with the 7z extension onto the Help > Contents area in the 7-Zip interface. Multiple researchers who analyzed the vulnerability have reported that no privilege escalation can occur.

Vulnerability details have been published on GitHub. The page provides technical information and a short demonstration video of the exploit.

It is unclear if and when 7-Zip will address the issue. The last update of the application dates back to the release of 7-Zip in December 2021.

Users of the application may use the following workaround to mitigate the vulnerability on their devices. Since it is using the included Help file, one way of dealing with the issue is to delete the Help file.

1. Open the 7-Zip installation directory or folder on the system. On Windows, these are usually C:\Program Files\7-Zip or C:\Program Files (x86)\7-Zip, depending on whether the 64-bit or the 32-bit version of the application has been installed.
2. Locate the file 7-Zip.chm; this is the help file. You can open it directly to display its content.
3. Hit the delete button on the keyboard or right-click on the file and select the Delete context menu option, to remove it from the system.
4. You may get a prompt, File Access Denied.

The file is moved to the recycle bin of the operating system by default.

While it appears unlikely that the issue is exploited on a large scale, most users may want to remove the Help file to protect their systems against exploits targeting the issue. The Help file won't open anymore after the deletion, when you select Help > Contents in the 7-Zip File Manager or press the F1-key on the keyboard. Deleting the Help file does not take longer than a minute. 7-Zip functionality is not reduced when you delete the help file.

Now You: which archiver do you use? (via Deskmodder)

And as usual this will not affect anyone relevant, especially ghacks viewers.

Even if it wasn’t just ‘local’, it wouldn’t be a problem, it’s like… if someone has already an intruder in their computers, I don’t think the first thought of the intruder will be “can I exploit 7zip?”
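The help-file workaround described in the article, scripted for administrators who need to apply it on more than one machine. This is an added example, not code from the article, its commenters or the 7-Zip project; the function name and the `-InstallDir` parameter are hypothetical, and only the two default directories named in the article are checked unless others are passed in.

```powershell
function Remove-SevenZipHelpFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Hypothetical parameter: extra directories for non-default installs.
        [string[]]$InstallDir
    )

    # Default locations named in the article. The (x86) variable is empty on
    # 32-bit Windows, so empty values are filtered out before Join-Path.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $dirs  = @($roots | ForEach-Object { Join-Path $_ '7-Zip' }) +
             @($InstallDir | Where-Object { $_ })

    # The article notes a "File Access Denied" prompt: Program Files is
    # writable only from an elevated session.
    $identity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin  = ([Security.Principal.WindowsPrincipal]$identity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)

    foreach ($dir in ($dirs | Select-Object -Unique)) {
        $chm = Join-Path $dir '7-zip.chm'
        if (-not (Test-Path -LiteralPath $chm -PathType Leaf)) {
            [pscustomobject]@{ Path = $chm; Status = 'NotPresent' }
            continue
        }
        if (-not $isAdmin) {
            Write-Warning "Not elevated: deleting $chm will likely fail with access denied."
        }
        $status = 'Skipped'
        if ($PSCmdlet.ShouldProcess($chm, 'Delete 7-Zip help file')) {
            try {
                # Remove-Item deletes permanently; it does not use the Recycle Bin.
                Remove-Item -LiteralPath $chm -Force -ErrorAction Stop
                $status = 'Removed'
            } catch {
                $status = "Failed: $($_.Exception.Message)"
            }
        }
        [pscustomobject]@{ Path = $chm; Status = $status }
    }
}

# Dry run: reports what would be deleted. Drop -WhatIf to apply the workaround.
Remove-SevenZipHelpFile -WhatIf
```

Reinstalling or updating 7-Zip may put the help file back, so the check is worth re-running after any update.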
