8th November 2024

Critical Vulnerability in 7-Zip.exe and FzGM.exe – CVE-2022-29072

The vulnerability “CVE 2022-29072“, where you can find the vulnerability, exploitation, mitigation methods, has been published at “https://github.com/kagancapar/CVE-2022-29072“. Up to “21.07“, the current version of 7zip, this vulnerability is affected. It allows for escalation. Its exploitation is also not very complex.

It is possible to detect the exploitation of the related vulnerability, after running 7zip.exe, by writing a rule in case of child processes PowerShell, cmd or a network connection.

7-Zip
7-Zip

Affected Systems

Windows, AmigaOS, Unix, Linux.

Solution and CVE/CWE

CVE/CWE: CVE-2022-29072

7-Zip has yet to release a security update to fix this vulnerability. To fix this vulnerability, users only need to delete the 7-zip.chm file in the 7-Zip installation directory. After deletion, hackers can no longer exploit the CVE-2022-29072 vulnerability to escalate privileges.

You can also write a rule about this issue in your EDR products. The rule you will write can enable block action when the “cmd.exe” and “powershell.exe” sub-processes run from within the “7zFM.exe” and “FzGM.exe” processes.

Critical Vulnerability in 7-Zip.exe and FzGM.exe - CVE-2022-29072
Critical Vulnerability in 7-Zip.exe and FzGM.exe – CVE-2022-29072

 

Note: Those with a CVSS 3.1 score of 7.0-8.9 out of 10 are considered “high”, and those with 9.0-10.0 are considered “critical” vulnerabilities.

Reference:

 

LEARN MORE  Microsoft DNS Server Remote Code Execution Vulnerability - CVE-2021-26893, CVE-2021-26894 and CVE-2021-26895

Leave a Reply

Your email address will not be published. Required fields are marked *