security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update proc_creation_win_7zip_cve_2022_29072.yml

Browse Source
This commit is contained in:
Florian Roth
2022-04-19 17:25:25 +02:00
committed by GitHub
parent 174a34a9eb
commit c05bfce733
1 changed files with 2 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml
+2 -5
View File
@@ -1,10 +1,7 @@
title: 7zip CVE-2022-29072
id: 9a4ccd1a-3526-4d99-b980-9f9c5d3a6ee3
status: experimental
description: |
7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
This is caused by misconfiguration of 7z.dll and a heap overflow.
The command runs in a child process under the 7zFM.exe process
description: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process
references:
- https://github.com/kagancapar/CVE-2022-29072
- https://twitter.com/kagancapar/status/1515219358234161153
@@ -20,4 +17,4 @@ detection:
condition: selection
falsepositives:
- Unknown
level: medium
level: high