Serious vulnerability discovered in 7-Zip for Windows
April 22, 2022
It can give an attacker full access to a computer on which the program is installed.
A serious vulnerability has been discovered in the free and open-source archiver 7-Zip. It can give an attacker administrator-level access, without the need to crack a password, by using a combination of 7-Zip and Windows Help.
The video below shows how the user who discovered the vulnerability exploits it. They drag a fake .7z file that mimics a 7-Zip archive into the program's help window, which allows commands to be executed as an administrator. This gives higher-level access to the system, including programs and commands that would normally require a password.
This vulnerability is present in all versions of the application for Windows, and the developers have not yet managed to close it. If this bothers you, you don't have to uninstall the program: you can instead restrict its rights to read and execute only.