7-Zip is an open source decompression software, mainly used on Microsoft Windows operating systems. 7-Zip’s authors released the first official version for Linux last March, allowing Linux users to use the official 7-Zip development to replace the ageing p7zip.

Recently, researcher Kağan Çapar discovered a vulnerability in 7-Zip that could allow an attacker to gain elevated privileges and execute arbitrary commands. The vulnerability is tracked as CVE-2022-29072 and affects all versions of 7-Zip, including the current version 21.07.

The vulnerability is triggered by dragging a file with the .7z extension onto the “Help > Contents” area of the 7-Zip window; the GIF image below shows the trigger method.

7-zip vulnerability

The vulnerability is caused by a misconfiguration and a stack overflow in 7z.dll. After the software is installed, the files in the Help > Contents area work through the Windows HTML Helper. Once a command injection is performed, a subprocess appears under 7zFM.exe, and the cmd.exe subprocess that is spawned is granted administrator mode because of memory interactions with the 7z.dll file.
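For detection, the process relationship described above (a command shell appearing under 7zFM.exe) can be checked in process-creation logs. The following is an added example, not code from the researcher or the 7-Zip project: it assumes JSON-lines events with Sysmon Event ID 1 style field names, uses constructed sample events, and goes slightly beyond the text by also flagging shells that descend from 7zFM.exe indirectly.

```python
import json
from ntpath import basename  # parses Windows paths on any OS

SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe"}
WATCHED_PARENT = "7zfm.exe"

# Constructed sample events (not from the original report).
SAMPLE_EVENTS = r"""
{"ProcessId": 100, "ParentProcessId": 4, "Image": "C:\\Windows\\explorer.exe", "IntegrityLevel": "Medium"}
{"ProcessId": 200, "ParentProcessId": 100, "Image": "C:\\Program Files\\7-Zip\\7zFM.exe", "IntegrityLevel": "Medium"}
{"ProcessId": 300, "ParentProcessId": 200, "Image": "C:\\Windows\\System32\\cmd.exe", "IntegrityLevel": "High"}
{"ProcessId": 310, "ParentProcessId": 300, "Image": "C:\\Windows\\System32\\conhost.exe", "IntegrityLevel": "High"}
{"ProcessId": 320, "ParentProcessId": 300, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "IntegrityLevel": "High"}
{"ProcessId": 400, "ParentProcessId": 100, "Image": "C:\\Windows\\System32\\cmd.exe", "IntegrityLevel": "Medium"}
"""

def find_shells_under_7zfm(lines):
    """Return one alert per shell process that descends from 7zFM.exe."""
    procs = {}   # pid -> event, in log order (real pipelines should key on
                 # ProcessGuid, since PIDs are reused)
    alerts = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        procs[ev["ProcessId"]] = ev
        if basename(ev["Image"]).lower() not in SHELLS:
            continue
        # Walk the parent chain; 'seen' guards against PID cycles.
        pid, seen = ev["ParentProcessId"], set()
        while pid in procs and pid not in seen:
            seen.add(pid)
            parent = procs[pid]
            if basename(parent["Image"]).lower() == WATCHED_PARENT:
                alerts.append({
                    "pid": ev["ProcessId"],
                    "image": basename(ev["Image"]),
                    "integrity": ev["IntegrityLevel"],
                    # True when the shell's integrity level is not 7zFM.exe's
                    "integrity_differs": ev["IntegrityLevel"] != parent["IntegrityLevel"],
                })
                break
            pid = parent["ParentProcessId"]
    return alerts

if __name__ == "__main__":
    for alert in find_shells_under_7zfm(SAMPLE_EVENTS.splitlines()):
        print(alert)
```

The cmd.exe started directly from explorer.exe (PID 400) is not reported, which keeps ordinary shell use out of the alert stream.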

The developers of 7-Zip have not yet provided a software update to fix the vulnerability, and it is unclear when 7-Zip will address the issue. 7-Zip was last updated in December 2021.

Temporary workaround

Although no official update has been provided to fix the vulnerability, the issue is caused by the 7-zip.chm file contained in the installation folder, so the temporary solution for now is to delete this file.

7-zip.chm

7-zip.chm is a help file that contains information on how to use and operate 7-Zip. Deleting this file does not result in a loss of functionality. After deletion, the help file will no longer open when the user selects Help > Contents in the 7-Zip file manager or presses the F1 key on the keyboard.

To delete the file, first open the 7-Zip installation folder. Normally, this file can be found under C:\Programs\. After opening the “7-Zip” folder, you can simply delete the 7-zip.chm file by right-clicking on it. In addition to deleting the 7-zip.chm file, the user can also revoke the write permission of the 7-Zip program, allowing 7-Zip to run and read files only.