CVE-2022-29072

Severity: HIGH

7-Zip <21.07 - Privilege Escalation

Exploitation Summary

EIP tracks 5 public exploits for CVE-2022-29072. PoCs published by kagancapar, sentinelblue, tiktb8.

AI-analyzed exploit summary

This repository contains a detailed writeup in Turkish about CVE-2022-29072, a privilege escalation vulnerability in 7-Zip. The author describes the discovery process, exploitation technique involving a heap overflow and misuse of the HTML Help API, and a method to achieve SYSTEM privileges via psexec.

Description

7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area. This is caused by misconfiguration of 7z.dll and a heap overflow. The command runs in a child process under the 7zFM.exe process. NOTE: multiple third parties have reported that no privilege escalation can occur.

Exploits (5)

nomisec · Writeup · 676 stars
by kagancapar · poc
https://github.com/kagancapar/CVE-2022-29072

Classification: Writeup (90%)
Attack Type: LPE
Complexity: Complex
Reliability: Theoretical
Target: 7-Zip (version not explicitly specified)
Auth required
Prerequisites: Access to a system with vulnerable 7-Zip installation · Ability to execute arbitrary files (e.g., via double-click) · Local user privileges
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Writeup · 8 stars
by sentinelblue · poc
https://github.com/sentinelblue/CVE-2022-29072

This repository provides a writeup and mitigation script for CVE-2022-29072, a potential privilege escalation vulnerability in 7-Zip through 21.07 on Windows. It includes a PowerShell script to remove the 7-zip.chm help file as a mitigation measure and Sentinel alerting rules for detection.

Classification: Writeup (90%)
Attack Type: LPE
Complexity: Trivial
Reliability: Theoretical
Target: 7-Zip through 21.07 on Windows
No auth needed
Prerequisites: 7-Zip installed on Windows · Access to drag and drop a file onto the 7-Zip help interface
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Scanner · 6 stars
by tiktb8 · poc
https://github.com/tiktb8/CVE-2022-29072

This repository contains a PowerShell script designed to detect and optionally mitigate vulnerable CHM files associated with CVE-2022-29072 in 7-Zip. The script checks file hashes against a list of known vulnerable hashes and can delete them if configured.

Classification: Scanner (90%)
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: 7-Zip (versions affected by CVE-2022-29072)
No auth needed
Prerequisites: Access to the file system where CHM files are stored · PowerShell execution privileges
Analyzed by devstral-2 on Feb 16, 2026
nomisec · Writeup · 3 stars
by Phantomiman · poc
https://github.com/Phantomiman/7-Zip.chm-Mitigation

This repository provides a PowerShell script to mitigate CVE-2022-29072 by removing the vulnerable 7-zip.chm file. The vulnerability allows privilege escalation and command execution via interaction with hh.exe on Windows.

Classification: Writeup (90%)
Attack Type: LPE
Complexity: Trivial
Reliability: Reliable
Target: 7-Zip (Windows)
No auth needed
Prerequisites: 7-Zip installed in default location · Access to drag files to 7-Zip Help>Contents
Analyzed by devstral-2 on Feb 16, 2026

References (5)

Core References

https://sourceforge.net/p/sevenzip/bugs/2337/ (Exploit, Issue Tracking, Third Party Advisory; x_refsource_misc)
https://www.youtube.com/watch?v=sT1cvbu7ZTA (Exploit, Third Party Advisory; x_refsource_misc)
https://github.com/kagancapar/CVE-2022-29072 (Exploit, Third Party Advisory; x_refsource_misc)
https://news.ycombinator.com/item?id=31070256 (Issue Tracking, Third Party Advisory; x_refsource_misc)

Scores

CVSS v3: 7.8
EPSS: 0.0152
EPSS Percentile: 71.4%
Attack Vector: LOCAL
CVSS v3.1 vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: none
Automatable: no
Technical Impact: partial

Details

CWE: CWE-787
Status: published
Products (1): 7-zip/7-zip < 21.07
Published: Apr 15, 2022
Tracked Since: Feb 18, 2026