Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-29072

EPSS 18.07% · P95
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-29072

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
7-Zip 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
7-Zip是一个压缩软件。 7-Zip 21.07存在安全漏洞,该漏洞允许在扩展名为 .7z 的文件被拖到帮助>内容区域时进行权限升级和命令执行。这是由 7z.dll 配置错误和堆溢出引起的。该命令在7zFM.exe进程下的子进程中运行。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
-n/a n/a -

II. Public POCs for CVE-2022-29072

#POC DescriptionSource LinkShenlong Link
17-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.https://github.com/kagancapar/CVE-2022-29072POC Details
2Powershell to mitigate CVE-2022-29072https://github.com/tiktb8/CVE-2022-29072POC Details
3** DISPUTED ** 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process, NOTE: multiple third parties have reported that no privilege escalation can occur.https://github.com/sentinelblue/CVE-2022-29072POC Details
47-Zip CVE-2022-29072 Mitigation - CHM file - This script detects if the .chm file exists and removes it.https://github.com/Phantomiman/7-Zip.chm-MitigationPOC Details
5Nonehttps://github.com/rasan2001/CVE-2022-29072POC Details
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2022-29072

登录查看更多情报信息。

Same Patch Batch · n/a · 2022-04-15 · 67 CVEs total

CVE-2022-242797.5 HIGHPrototype Pollution
CVE-2022-292874.9 MEDIUMKentico 安全漏洞
CVE-2022-27423Chamilo LMS SQL注入漏洞
CVE-2021-44493YottaDB 安全漏洞
CVE-2022-27422Chamilo LMS 跨站脚本漏洞
CVE-2021-44506FIS GT.M 代码问题漏洞
CVE-2022-27257Hubzilla 安全漏洞
CVE-2021-44505FIS GT.M 代码问题漏洞
CVE-2021-44504FIS GT.M 安全漏洞
CVE-2021-44503FIS GT.M 缓冲区错误漏洞
CVE-2021-44502FIS GT.M 安全漏洞
CVE-2021-44501FIS GT.M 代码问题漏洞
CVE-2021-44500FIS GT.M数字错误漏洞
CVE-2021-44499FIS GT.M 缓冲区错误漏洞
CVE-2021-44498FIS GT.M 代码问题漏洞
CVE-2021-44497FIS GT.M 资源管理错误漏洞
CVE-2021-44496YottaDB缓冲区错误漏洞
CVE-2021-44495YottaDB 代码问题漏洞
CVE-2021-44494YottaDB 代码问题漏洞
CVE-2022-27367CScms SQL注入漏洞

Showing top 20 of 67 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a
Same vendor: n/a

V. Comments for CVE-2022-29072

No comments yet

Leave a comment