Name of the Vulnerable Software and Affected Versions:

7-Zip versions prior to 18.02

Description:

The issue is related to the implementation of the "Large memory pages" option in 7-Zip, which uses the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account. This can potentially allow attackers to bypass intended access restrictions by utilizing this privilege in a sandboxed process. The exploitation of this issue may enable an attacker to circumvent existing access limitations using the SeLockMemoryPrivilege privilege.

Recommendations:

For 7-Zip versions prior to 18.02, consider disabling the "Large memory pages" option as a temporary workaround to minimize the risk of exploitation. Restrict access to the LsaAddAccountRights function to prevent potential misuse of the SeLockMemoryPrivilege privilege.