What will be the consequence of this disputed vulnerability in 7-ZIP?

Threat Level – Amber | Vulnerability Report
Download PDF

THREAT LEVEL: Red.

For a detailed advisory, download the pdf file here

The zero-day vulnerability in 7- Zip software, tracked as CVE-2022-29072 is marked as disputed by the National Vulnerability Database(NVD), and sparked discussions over its consequences. This started when a researcher published a proof-of-concept (POC) for this vulnerability and stated that it allowed remote privilege escalation. However, other well-known researchers, such as those from Google’s Project Zero, have indicated that this security flaw would allow the execution of arbitrary code via 7-Zip while opening a file with the.7z extension.

The impact of this vulnerability remains uncertain and due to the non-availability of the patch and a proof-of-concept being widely available, The Hive pro Threat research team recommends temporarily resolving this issue by deleting the Help file. The following are the steps to do this: 1. Open the 7-Zip installation directory or folder on the system 2. Locate the file 7-Zip.chm; this is the help file 3. Right-click on the file and select the Delete context menu option, to remove it from the system.

Potential MITRE ATT&CK TTPs are:

TA0042: Resource Development

T1588: Obtain Capabilities

T1588.005: Obtain Capabilities: Exploits

T1588.006: Obtain Capabilities: Vulnerabilities

TA0001: Initial Access T1190: Exploit Public-Facing Application

Vulnerability Details

References

https://github.com/kagancapar/CVE-2022-29072

https://www.geektopia.es/es/technology/2022/04/20/noticias/un-fallo-de-seguridad-en-7-zip-es-menos-grave-de-lo-inicialmente-indicado.html

What’s new on HivePro

Get through updates and upcoming events, and more directly in your inbox