Solved 7-Zip vulnerability


Fabler2

Well-known member
Pro User
VIP
Local time
1:58 PM
Posts
3,750
OS
Win 11 Pro & 🐥.

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Deleted .chm, thanks Peter (y)

A Guy
 

My Computers

System One System Two

  • OS
    Windows 10 Home x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    INTEL Core i5-11400
    Motherboard
    ASUS PRIME H570-PLUS
    Memory
    KINGSTON HyperX Fury Black DDR4 16GB (2 x 8GB) 3200MHz, CL16
    Graphics Card(s)
    EVGA GeForce GTX 750 Superclocked 1GB 128-Bit GDDR5
    Monitor(s) Displays
    LG 32MA68HY 32" IPS
    Screen Resolution
    1920 x 1080
    Hard Drives
    SAMSUNG 250GB 970 EVO Plus NVMe, M.2 SSD, Crucial 250GB MX500, SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    CORSAIR RM550x 80 PLUS Gold 550W
    Case
    ANTEC P10 FLUX
    Cooling
    be quiet! Pure Rock 2, 5 x 120 mm Case Fans
    Internet Speed
    480 + Mbps Up/ 12+ Mbps Down
    Browser
    Vivaldi Snapshot
    Antivirus
    Avast
  • Operating System
    Windows 10 Home x64
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    Intel Core i5-750
    Motherboard
    ASUS P7P55D
    Memory
    Kingston HyperX Fury Black 8GB (2x4GB) DDR3-1600MHz CL8
    Graphics card(s)
    MSI GeForce GT 240 N240GT-MD1G/D5 1 GB DDR5
    Monitor(s) Displays
    LG 32MA68HY 32" IPS
    Screen Resolution
    1980x1040
    Hard Drives
    Samsung Electronics 840 EVO 120GB, SEAGATE 500GB Barracuda® 7200.12, SATA 3 Gb/s, 7200 RPM, 16MB cache
    PSU
    Antec TruePower New TP-550 550W
    Case
    Antec 300
    Cooling
    Cooler Master Hyper 212+, 4 Noctua NF-P12 120mm, 1 Noctua NF-P14 FLX
    Internet Speed
    480+ Mbps Down/12+Mbps Up
    Browser
    Vivaldi Snapshot
    Antivirus
    Avast
Thanks for this one!
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 build 10.0.22631.3296 (Release Channel) / Linux Mint 21.3 Cinnamon
    Computer type
    Laptop
    Manufacturer/Model
    Lenovo A485
    CPU
    Ryzen 7 2700U Pro
    Motherboard
    Lenovo (WiFi/BT module upgraded to Intel Wireless-AC-9260)
    Memory
    32GB
    Graphics Card(s)
    iGPU Vega 10
    Sound Card
    Realtek
    Monitor(s) Displays
    14" FHD (built-in) + 14" Lenovo Thinkvision M14t (touch+pen) + 32" Asus PB328
    Screen Resolution
    FHD + FHD + 1440p
    Hard Drives
    Intel 660p m.2 nVME PCIe3.0 x2 512GB
    PSU
    65W
    Keyboard
    Thinkpad / Logitech MX Keys
    Mouse
    Logitech MX Master 2S
    Internet Speed
    600/300Mbit
    Browser
    Edge (Chromium)
    Antivirus
    Windows Defender
    Other Info
    SecureBoot: Enabled
    TPM2.0: Enabled
    AMD-V: Enabled
  • Operating System
    Windows 11 Pro 23H2 build 10.0.22631.3296(Release Preview Channel)
    Computer type
    PC/Desktop
    Manufacturer/Model
    Custom
    CPU
    i7-7700k @4.8GHz
    Motherboard
    Asus PRIME Z270-A
    Memory
    32GB 2x16GB 2133MHz CL15
    Graphics card(s)
    EVGA GTX1080Ti FTW 11GB
    Sound Card
    Integrated
    Monitor(s) Displays
    32" 10-bit Asus PB328Q
    Screen Resolution
    WQHD 2560x1440
    Hard Drives
    512GB ADATA SX8000NP NVMe PCIe Gen 3 x4
    PSU
    850W
    Case
    Fractal Design Define 7
    Cooling
    Noctua NH-D15 chromax.black
    Mouse
    Logitech MX Master 2S
    Keyboard
    Logitech MX Keys
    Internet Speed
    600/300Mbit
    Browser
    Edge (Cromium)
    Antivirus
    Windows Defender
    Other Info
    AC WiFi Card
This vulnerability is NOT only affecting 7-ZIP, so if you have other .chm files on your system, they may also be affected.

There is a PowerSHell Script over at Reddit about how to compare all files on your system for possible problems.


Of note are a couple of points.


It's being debated back and forth, but the end result, for now, seems to be that this is a Windows Help file issue, not just a 7-ZIP issue.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
This vulnerability is NOT only affecting 7-ZIP, so if you have other .chm files on your system, they may also be affected.

There is a PowerSHell Script over at Reddit about how to compare all files on your system for possible problems.


Of note are a couple of points.


It's being debated back and forth, but the end result, for now, seems to be that this is a Windows Help file issue, not just a 7-ZIP issue.
Yes, this was the last comment on the link I posted but I removed the file anyway.

1650457754743.png
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Correct. But my point is that with the script from Reddit you can check all your legacy .CHM files on your system to verify in case any of those are also vulnerable.

Also, do realize that, currently this is a vulnerability that requires local access.
 

My Computers

System One System Two

  • OS
    Windows 11 23H2 Current build
    Computer type
    PC/Desktop
    Manufacturer/Model
    HomeBrew
    CPU
    AMD Ryzen 9 3950X
    Motherboard
    MSI MEG X570 GODLIKE
    Memory
    4 * 32 GB - Corsair Vengeance 3600 MHz
    Graphics Card(s)
    EVGA GeForce RTX 3080 Ti XC3 ULTRA GAMING (12G-P5-3955-KR)
    Sound Card
    Realtek® ALC1220 Codec
    Monitor(s) Displays
    2x Eve Spectrum ES07D03 4K Gaming Monitor (Matte) | Eve Spectrum ES07DC9 4K Gaming Monitor (Glossy)
    Screen Resolution
    3x 3840 x 2160
    Hard Drives
    3x Samsung 980 Pro NVMe PCIe 4 M.2 2 TB SSD (MZ-V8P2T0B/AM) } 3x Sabrent Rocket NVMe 4.0 1 TB SSD (USB)
    PSU
    PC Power & Cooling’s Silencer Series 1050 Watt, 80 Plus Platinum
    Case
    Fractal Design Define 7 XL Dark ATX Full Tower Case
    Cooling
    NZXT KRAKEN Z73 73.11 CFM Liquid CPU Cooler (3x 120 mm push top) + Air 3x 140mm case fans (pull front) + 1x 120 mm (push back) and 1 x 120 mm (pull bottom)
    Keyboard
    SteelSeries Apex Pro Wired Gaming Keyboard
    Mouse
    Logitech MX Master 3S | MX Master 3 for Business
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
    Browser
    Nightly (default) + Firefox (stable), Chrome, Edge
    Antivirus
    Defender + MB 5 Beta
  • Operating System
    ChromeOS Flex Dev Channel (current)
    Computer type
    Laptop
    Manufacturer/Model
    Dell Latitude E5470
    CPU
    Intel(R) Core(TM) i5-6300U CPU @ 2.40GHz, 2501 Mhz, 2 Core(s), 4 Logical Processor(s)
    Motherboard
    Dell
    Memory
    16 GB
    Graphics card(s)
    Intel(R) HD Graphics 520
    Sound Card
    Intel(R) HD Graphics 520 + RealTek Audio
    Monitor(s) Displays
    Dell laptop display 15"
    Screen Resolution
    1920 * 1080
    Hard Drives
    Toshiba 128GB M.2 22300 drive
    INTEL Cherryville 520 Series SSDSC2CW180A 180 GB SATA III SSD
    PSU
    Dell
    Case
    Dell
    Cooling
    Dell
    Mouse
    Logitech MX Master 3S (shared w. Sys 1) | Dell TouchPad
    Keyboard
    Dell
    Internet Speed
    AT&T LightSpeed Gigabit Duplex Ftth
Update 4/20/2022 7:50amPT: The listed 7zip CVE-2022-29072 vulnerability has now been marked as "disputed" in the official listing, and "multiple third parties have reported that no privilege escalation can occur." According to Google Project Zero vulnerability researcher Tavis Ormandy who alerted us to the dispute, this exploit could only occur by editing the registry and possibly other maneuvers (like adding another Local Administrator account). However, the description isn't clear enough to discern the method of attack. We'll keep you updated if the dispute is granted.
 

My Computers

System One System Two

  • OS
    Windows 11 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Alienware M17 R3
    CPU
    Intel Core i7-10750H (Comet Lake)
    Motherboard
    Alienware
    Memory
    32GB DDR4
    Graphics Card(s)
    NVIDIA GeForce RTX 2060 and Intel UHD Graphics
    Sound Card
    Realtek ALC3281-CG
    Monitor(s) Displays
    17"
    Screen Resolution
    3840x2160
    Hard Drives
    Micron 2300 NVMe 1TB
    PC SN530 NVMe WDC 512GB
    Mouse
    Logitech MX Master 3
    Internet Speed
    60mbps
    Browser
    Vivaldi and Firefox
    Antivirus
    MS Defender and Malwarebytes Free
  • Operating System
    Windows 11 22H2
    Computer type
    Laptop
    Manufacturer/Model
    Microsoft Surface Laptop 3
    CPU
    Intel Core i7-1065G7 (Ice Lake)
    Motherboard
    Microsoft Corp.
    Memory
    16GB DDR4
    Graphics card(s)
    Intel Iris Plus Graphics
    Sound Card
    Omnisonic Speakers with Dolby Audio
    Monitor(s) Displays
    13.5” PixelSense Touchscreen Display
    Screen Resolution
    2256x1504
    Hard Drives
    Toshiba Memory 512GB
    Mouse
    Surface Arc Mouse
    Internet Speed
    60 mbps
    Browser
    Vivaldi and Firefox
    Antivirus
    MS Defender and Malwarebytes Free
Update 4/20/2022 7:50amPT: The listed 7zip CVE-2022-29072 vulnerability has now been marked as "disputed" in the official listing, and "multiple third parties have reported that no privilege escalation can occur." According to Google Project Zero vulnerability researcher Tavis Ormandy who alerted us to the dispute, this exploit could only occur by editing the registry and possibly other maneuvers (like adding another Local Administrator account). However, the description isn't clear enough to discern the method of attack. We'll keep you updated if the dispute is granted.
Until they make their minds up the .chm file is gone. Don't need it.
 

My Computers

System One System Two

  • OS
    Win 11 Pro & 🐥.
    Computer type
    Laptop
    Manufacturer/Model
    ASUS VivoBook
    CPU
    AMD Ryzen 7 3700U with Radeon Vega Mobile Gfx
    Motherboard
    ASUSTeK COMPUTER INC. X509DA (FP5)
    Memory
    12GB
    Graphics Card(s)
    RX Vega 10 Graphics
    Monitor(s) Displays
    Generic PnP Monitor (1920x1080@60Hz)
    Screen Resolution
    1920x1080@60Hz
    Hard Drives
    Samsung SSD 970 EVO Plus 2TB NVMe 1.3
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
  • Operating System
    Windows 11
    Computer type
    Laptop
    Manufacturer/Model
    ACER NITRO
    CPU
    AMD Ryzen 7 5800H / 3.2 GHz
    Motherboard
    CZ Scala_CAS (FP6)
    Memory
    32 GB DDR4 SDRAM 3200 MHz
    Graphics card(s)
    NVIDIA GeForce RTX 3060 6 GB GDDR6 SDRAM
    Sound Card
    Realtek Audio. NVIDIA High Definition Audio
    Monitor(s) Displays
    15.6" LED backlight 1920 x 1080 (Full HD) 144 Hz
    Screen Resolution
    1920 x 1080 (Full HD)
    Hard Drives
    Samsung 970 Evo Plus 2TB NVMe M.2
    PSU
    180 Watt, 19.5 V
    Mouse
    Lenovo Bluetooth
    Internet Speed
    25 Mbps
    Browser
    Edge
    Antivirus
    Defender
Hi folks

Does anybody actually use .chm files any more. Surely any sensible help documentation these days would use html so you could easily study the documentation in a browser while also running the application you wanted the documentation for. Not only that but it makes better sense as well as you could embed video / audio content as well if required if the product involved complex assembly or special connection instructions e.g some Mobos.

For legacy apps etc there's so many ways to run those safely that to me this thing is really either "Fake News" or of zero importance.

In any case there's nothing on my Windows machines that is of any value to anybody even if they were to break in. All my online shopping etc is done via a decently secured NAS system and on laptops when travelllng I always run Windows either from an external USB device or usually as a VM. I never use any work supplied laptops for home banking etc even though full Internet access is allowed.

Sometimes there's too much paranoia on security for domestic systems these days. Russian, Chinese ad N.Korean hackers aren't interested into breaking into "Mom, Pop, Grandad" computers but want to cause damage to infrastructure, disrupt a countries services, remove money from its banks, crash the Stock market etc etc.

Windows these days if you keep up with the regular updates (on the "standard i.e non insider editions" is perfectly safe for around 99.9999% of its users world wide. Where fraud is reported it's often caused by "Bog standard Scams" that have been around ever since Humans started trading but are easily avoidable with a bit of common sense.

Windows has moved on from XP and W7 days when Windows "Security" was a real joke.

cheers
jimbo
 
Last edited:

My Computer

System One

  • OS
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7
Back
Top Bottom