Since it is using the included Help file, one way of dealing with the issue is to delete the Help file. Users of the application may use the following workaround to mitigate the vulnerability on their devices. The last update of the application dates back to the release of 7-Zip in December 2021 It is unclear if and when 7-Zip will address the issue. The page provides technical information and a short demonstration video of the exploit. Vulnerability details have been published on GitHub. Multiple researchers, who analyzed the vulnerability, have reported that no privilege escalation can occur. Attackers need to drag and drop files with the 7z extension on to the Help > Contents area in the 7-Zip interface. Other names may be trademarks of their respective owners.Filed under CVE-2022-29072, the vulnerability is using the included 7-Zip Help file, 7-zip.chm, for the exploit. The Android robot is reproduced or modified from work created and shared by Google and used according to terms described in the Creative Commons 3.0 Attribution License. Microsoft and the Window logo are trademarks of Microsoft Corporation in the U.S. Alexa and all related logos are trademarks of, Inc. App Store is a service mark of Apple Inc. Mac, iPhone, iPad, Apple and the Apple logo are trademarks of Apple Inc., registered in the U.S. Android, Google Chrome, Google Play and the Google Play logo are trademarks of Google, LLC. Firefox is a trademark of Mozilla Foundation. or its affiliates in the United States and other countries. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. LifeLock identity theft protection is not available in all countries.Ĭopyright © 2022 NortonLifeLock Inc. The Norton and LifeLock Brands are part of NortonLifeLock Inc.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |