CVE-2022-29072

Name of the Vulnerable Software and Affected Versions 7-Zip versions 21.07 and earlier

Description The issue is related to a heap overflow in the 7z.dll library, which can be exploited to escalate privileges. This can be achieved by dragging a specially crafted .7z file to the Help>Contents area, allowing an attacker to execute commands with elevated privileges. The problem is caused by a combination of misconfiguration of the 7z.dll library and a heap overflow. It is estimated that this issue affects users of 7-Zip on Windows, but the exact number of potentially affected devices is not specified.

Recommendations For 7-Zip version 21.07 and earlier, consider deleting the 7-zip.chm file as a temporary workaround to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.