add proc_creation_win_7zip_cve_2022_29072

rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml

@@ -0,0 +1,23 @@
+title: 7zip CVE-2022-29072
+id: 9a4ccd1a-3526-4d99-b980-9f9c5d3a6ee3
+status: experimental
+description: | 
+  7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
+  This is caused by misconfiguration of 7z.dll and a heap overflow.
+  The command runs in a child process under the 7zFM.exe process
+references:
+    - https://github.com/kagancapar/CVE-2022-29072
+    - https://twitter.com/kagancapar/status/1515219358234161153
+author: frack113
+date: 2022/04/17
+logsource:
+    product: windows
+    category: process_creation
+detection:
+    selection: 
+        Image|endswith: '\cmd.exe'
+        ParentImage|endswith: '\7zFM.exe'
+    condition: selection
+falsepositives:
+    - Unknown
+level: medium