From c05bfce73339b490c8e22009d43284cb356a228a Mon Sep 17 00:00:00 2001 From: Florian Roth Date: Tue, 19 Apr 2022 17:25:25 +0200 Subject: [PATCH] Update proc_creation_win_7zip_cve_2022_29072.yml --- .../proc_creation_win_7zip_cve_2022_29072.yml | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml b/rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml index b740e55f7..a7f279d48 100644 --- a/rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml +++ b/rules/windows/process_creation/proc_creation_win_7zip_cve_2022_29072.yml @@ -1,10 +1,7 @@ title: 7zip CVE-2022-29072 id: 9a4ccd1a-3526-4d99-b980-9f9c5d3a6ee3 status: experimental -description: | - 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. - This is caused by misconfiguration of 7z.dll and a heap overflow. - The command runs in a child process under the 7zFM.exe process +description: 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process references: - https://github.com/kagancapar/CVE-2022-29072 - https://twitter.com/kagancapar/status/1515219358234161153 @@ -20,4 +17,4 @@ detection: condition: selection falsepositives: - Unknown -level: medium +level: high
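Review bot: In the first hunk (`@@ -1,10 +1,7 @@`), the replacement `description:` is a single plain scalar carrying three sentences on one long line, and its last sentence ("The command runs in a child process under the 7zFM.exe process") still ends without a period. If the goal is to drop the embedded newlines of the `|` block, a folded scalar keeps the source wrapped and readable while still giving consumers a single line of text. Either way, add the final period. The subject "Update proc_creation_win_7zip_cve_2022_29072.yml" gives no reason for the reflow, so a one-line rationale in the commit body would help later readers of the history.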
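Review bot: In the second hunk (`@@ -20,4 +17,4 @@`), `level` goes from `medium` to `high` while the context lines still show `falsepositives: - Unknown`, and the first hunk still shows `status: experimental`. A high-severity rule with unquantified false positives tends to generate alerts that analysts cannot triage with confidence. Please state in the commit message what justifies the higher level, and replace `Unknown` with the benign cases observed during testing if there are any. The selection itself is outside the visible context (only `condition: selection` is shown), so this patch alone does not show whether the match is narrow enough to support `high`.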