www.techspot.com
151.139.128.11  Public Scan

Submitted URL: https://lnkd.in/dkdxd-34
Effective URL: https://www.techspot.com/news/94248-7-zip-zero-day-vulnerability-grants-privilege-escalation.html
Submission: On May 03 via manual from US — Scanned from DE

Form analysis 3 forms found in the DOM

/search/

<form class="search_form" action="/search/" id="cse-search-box-header">
  <input type="hidden" name="cx" value="partner-pub-7395890353660701:j5claj-6kfy">
  <input type="hidden" name="cof" value="FORID:11">
  <input type="hidden" name="ie" value="UTF-8">
</form>

POST https://www.techspot.com/products/

<form action="https://www.techspot.com/products/" method="POST" id="form_search" autocomplete="off">
  <div class="pfmenuSideTitle">Search</div>
  <input class="ProdSearch" name="productsearch" id="productsearch" type="text" placeholder="Search product reviews &amp; price history">
</form>

POST //app.mailerlite.com/webforms/submit/v3t1x0

<form class="ml-block-form" action="//app.mailerlite.com/webforms/submit/v3t1x0" data-id="492661" data-code="v3t1x0" method="POST" rel="noopener" target="_blank">
  <div class="footitle"><label for="tsnlemail">Subscribe to the TechSpot Newsletter</label></div>
  <div class="form-email">
    <input type="email" id="tsnlemail" name="fields[email]" class="form-control email" placeholder="email address" value="" autocomplete="email" spellcheck="false" autocapitalize="off">
  </div>
  <div class="form-submit">
    <input type="hidden" name="ml-submit" value="1">
    <input type="submit" value="Subscribe" name="subscribe">
  </div>
</form>

Text Content

7-ZIP ZERO-DAY VULNERABILITY GRANTS PRIVILEGE ESCALATION


NOT YET PATCHED, BUT THERE'S A SIMPLE WORKAROUND

By Daniel Sims April 18, 2022, 3:56 PM

PSA: A security researcher recently discovered a vulnerability in the file
archiver 7-Zip that could grant attackers high privileges and let them execute
code. Developers haven't released a patch yet, but users can quickly nullify
this security hole in the meantime.

Last week, researcher Kağan Çapar found and published a zero-day vulnerability
in 7-Zip that can grant privilege escalation and command execution. Designated
CVE-2022-29072, it affects Windows users running version 21.07 — the latest
version as of now.

As the video below shows, an attacker with limited access to a system can
activate the vulnerability by opening the "Help" window in 7-Zip under
Help->Contents and dragging a file with the .7z extension into that window. Any
file with that extension will work. It doesn't have to be a real 7z archive.



By running a child process under the 7zFM.exe process, the vulnerability can
elevate the attacker's privileges and let them run commands on the target
system. Çapar blames this on a misconfiguration in the file 7z.dll and a heap
overflow.

The Windows HTML helper file may also share some blame, as other programs can
allow command execution through it. Çapar mentions a similar vulnerability that
works through the Windows HTML helper file and WinRAR.

Deleting the file "7-zip.chm" in the 7-Zip root folder can mitigate the issue
until devs patch it. It's unclear when that will be.
