Solved 7-Zip vulnerability


Fabler2


A Guy

Deleted .chm, thanks Peter (y)

A Guy
 


SlicEnDicE

Thanks for this one!
 


johnlgalt

This vulnerability is NOT only affecting 7-ZIP, so if you have other .chm files on your system, they may also be affected.

There is a PowerShell script over at Reddit about how to compare all files on your system for possible problems.

https://www.reddit.com/r/msp/comments/u6j7nn
Of note are a couple of points.

https://www.reddit.com/r/msp/comments/u6j7nn/_/i59rzp0
It's being debated back and forth, but the end result, for now, seems to be that this is a Windows Help file issue, not just a 7-ZIP issue.
 


Fabler2

Yes, this was the last comment on the link I posted but I removed the file anyway.


johnlgalt

Correct. But my point is that with the script from Reddit you can check all your legacy .CHM files on your system to verify in case any of those are also vulnerable.

Also, do realize that, currently, this is a vulnerability that requires local access.
 


FrancoDT

Update 4/20/2022 7:50amPT: The listed 7zip CVE-2022-29072 vulnerability has now been marked as "disputed" in the official listing, and "multiple third parties have reported that no privilege escalation can occur." According to Google Project Zero vulnerability researcher Tavis Ormandy who alerted us to the dispute, this exploit could only occur by editing the registry and possibly other maneuvers (like adding another Local Administrator account). However, the description isn't clear enough to discern the method of attack. We'll keep you updated if the dispute is granted.
 


Fabler2

Until they make their minds up the .chm file is gone. Don't need it.
 


jimbo45

Hi folks

Does anybody actually use .chm files any more? Surely any sensible help documentation these days would use html so you could easily study the documentation in a browser while also running the application you wanted the documentation for. Not only that but it makes better sense as well as you could embed video / audio content as well if required if the product involved complex assembly or special connection instructions e.g. some Mobos.

For legacy apps etc there's so many ways to run those safely that to me this thing is really either "Fake News" or of zero importance.

In any case there's nothing on my Windows machines that is of any value to anybody even if they were to break in. All my online shopping etc is done via a decently secured NAS system and on laptops when travelling I always run Windows either from an external USB device or usually as a VM. I never use any work supplied laptops for home banking etc even though full Internet access is allowed.

Sometimes there's too much paranoia on security for domestic systems these days. Russian, Chinese and N. Korean hackers aren't interested in breaking into "Mom, Pop, Grandad" computers but want to cause damage to infrastructure, disrupt a country's services, remove money from its banks, crash the Stock market etc etc.

Windows these days if you keep up with the regular updates (on the "standard" i.e. non insider editions) is perfectly safe for around 99.9999% of its users world wide. Where fraud is reported it's often caused by "Bog standard Scams" that have been around ever since Humans started trading but are easily avoidable with a bit of common sense.

Windows has moved on from XP and W7 days when Windows "Security" was a real joke.

cheers
jimbo
 