{"vulnerability": "cve-2022-29072", "sightings": [{"uuid": "0090a61e-97bb-4fe9-a489-b4fb6de408ae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/1977", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1aPowershell to mitigate CVE-2022-29072\nURL\uff1ahttps://github.com/tiktb8/CVE-2022-29072\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-04-18T17:19:37.000000Z"}, {"uuid": "caf09f7a-33e1-4036-b240-2099ffa071fb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/GithubRedTeam/3608", "content": "GitHub\u76d1\u63a7\u6d88\u606f\u63d0\u9192\uff01\uff01\uff01\n\n\u66f4\u65b0\u4e86\uff1aCVE-2022\n\u63cf\u8ff0\uff1a7-Zip CVE-2022-29072 Mitigation - CHM file - This script detects if the .chm file exists and removes it.\nURL\uff1ahttps://github.com/Phantomiman/7-Zip.chm-mitigiation\n\n\u6807\u7b7e\uff1a#CVE-2022", "creation_timestamp": "2022-12-21T05:11:01.000000Z"}, {"uuid": "9107ec20-df72-4857-ab6f-58409137b100", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/OxC8HR/155", "content": "CVE-2022-29072 7-zip exploit: Command Execution &amp; LPE\n\nhttps://github.com/kagancapar/CVE-2022-29072", "creation_timestamp": "2022-04-19T17:41:20.000000Z"}, {"uuid": "e9c4f129-87aa-41ba-9664-88bfad704b98", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": 
"published-proof-of-concept", "source": "Telegram/u1Q0QlOk9eBQyeNTVA53DY70bWoMCYNxneezyFGV2XIJaA", "content": "", "creation_timestamp": "2022-04-20T16:20:31.000000Z"}, {"uuid": "a6a295cb-4b10-4636-abf6-6a70d8854aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1350", "content": "CVE-2022-29072\n7-Zip 21.07 Windows \u0440\u0430\u0437\u0440\u0435\u0448\u0430\u0435\u0442 \u043f\u043e\u0432\u044b\u0448\u0435\u043d\u0438\u0435 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0438 \u0432\u044b\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a\u043e\u043c\u0430\u043d\u0434, \u043a\u043e\u0433\u0434\u0430 \u0444\u0430\u0439\u043b \u0441 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435\u043c .7z \u043f\u0435\u0440\u0435\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0435\u0442\u0441\u044f \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u044c \u00ab\u0421\u043f\u0440\u0430\u0432\u043a\u0430\u00bb &gt; \u00ab\u0421\u043e\u0434\u0435\u0440\u0436\u0430\u043d\u0438\u0435\u00bb (0day)\nhttps://github.com/kagancapar/CVE-2022-29072\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1\ufe0f", "creation_timestamp": "2022-04-18T17:01:16.000000Z"}, {"uuid": "1a5b7b59-5a08-470c-a957-8a45acf026c8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/poxek/1349", "content": "CVE-2022-29072 \n7-zip exploit: Command Execution &amp; LPE\nhttps://github.com/kagancapar/CVE-2022-29072\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": 
"2022-04-18T15:00:33.000000Z"}, {"uuid": "071563d1-99c7-4373-9875-f2e1cee4d78a", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/poxek/1386", "content": "CVE-2022-29072 Windows Privilege Escalation\n\u25b6\ufe0f \u0418\u0441\u0442\u043e\u0447\u043d\u0438\u043a\n\n\u0414\u043d\u0435\u0432\u043d\u0438\u043a \u0411\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u0438\u043a\u0430 \ud83d\udee1", "creation_timestamp": "2022-04-25T05:01:46.000000Z"}, {"uuid": "c6725e8a-c1f5-4ef0-bfc0-f542fc3ab6c1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/technical_private_cat/288", "content": "\u0415\u0449\u0435 \u0440\u0430\u0437 \u0434\u043e\u0431\u0440\u044b\u0439 \u0434\u0435\u043d\u044c \u043c\u043e\u0438 \u0447\u0435\u0448\u0438\u0440\u0441\u043a\u0438\u0435 \u043a\u043e\u0442\u0438\u043a\u0438   \ud83d\udc08\ud83c\udfa9\n\n\u0412\u043e\u0442 \u0432\u0430\u043c \u043f\u043e\u0441\u0442-\u0441\u0431\u043e\u0440\u043d\u0438\u043a \u043f\u0440\u043e windows . 
\ud83c\udfaf\n\u0422\u043e\u0447\u043d\u0435\u0435 \u043f\u0440\u043e \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u0434\u043b\u044f \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u0435\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0435\u0439 ,\u0438  \u0438\u043d\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442\u044b \u0438 \u0441\u0442\u0430\u0442\u044c\u0438 \u043f\u043e \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u044d\u043d\u043d\u043e\u0439 .\n\u041f\u043e\u0441\u0442 \u0441\u0434\u0435\u043b\u0430\u043d \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e \u0432 \u043e\u0437\u043d\u0430\u043a\u043e\u043c\u0438\u0442\u0435\u043b\u044c\u043d\u044b\u0445 \u0446\u0435\u043b\u044f\u0445 \u0438 \u0434\u043b\u044f \u0443\u043b\u0443\u0447\u0448\u0435\u043d\u0438\u044f \u0432\u0430\u0448\u0435\u0439 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 . 
\n\n\u041d\u0430\u0434\u0435\u044e\u0441\u044c \u0432\u0430\u043c \u0431\u0443\u0434\u0435\u0442 \u043f\u043e\u043b\u0435\u0437\u043d\u043e:\nWindows-RCE-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b\nWindows-\u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 \u043c\u043d\u043e\u0433\u0438\u0435 cve \u043e\u0442 2012 \u0434\u043e 2017\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-21907 \u0435\u0449\u0435 \u0442\u044b\u043a \n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-21999\n\u042d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u044b \u043d\u0430 CVE-2022-29072\n\u0421\u0431\u043e\u0440\u043d\u0438\u043a \u0440\u0430\u0437\u043b\u0438\u0447\u043d\u044b\u0445 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u043e\u0432 \u043d\u0430 cve 2022 \u0433\u043e\u0434\u0430\n\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u043d\u0438\u0435 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u043e\u0442 Microsoft Security Response Center (MSRC)\nPrivatezilla -\u0438\u043d\u0442\u0441\u0442\u0440\u0443\u043c\u0435\u043d\u0442 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438\n\n\nGood afternoon again my Cheshire cats \ud83d\udc08\ud83c\udfa9\n\nHere's a post-collection for you about windows . \ud83c\udfaf\nMore precisely about the different exploits for its various vulnerabilities , and tools and articles on security enna .\nThis post is only for introductory purposes and to improve your security. 
\n\nI hope you will find it useful:\nWindows-RCE-exploits\nWindows exploits for many cve from 2012 to 2017 \nExploits for CVE-2022-21907 more link \nExploits for CVE-2022-21999\nExploits for CVE-2022-29072 \nA collection of various exploits for cve 2022\nSecurity research from Microsoft Security Response Center (MSRC)\nPrivatezilla security tool\n#windows #attacks #cve #exploit #polymorphic #pentest", "creation_timestamp": "2022-10-30T15:50:43.000000Z"}, {"uuid": "f81344dc-2e94-44ba-844f-4d36b9fe7b87", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "Telegram/t8XekzFSYa797Qegh7WjYTROBn_6FelD62O9E9hG4rdNwA4", "content": "", "creation_timestamp": "2022-04-19T16:29:34.000000Z"}, {"uuid": "dc749fb2-a0e5-4214-9ac5-e551556f11ce", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/MrVGunz/118", "content": "CVE-2022-29072 : 7-Zip < 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension (0-day)\nhttps://github.com/kagancapar/CVE-2022-29072", "creation_timestamp": "2022-04-17T15:05:08.000000Z"}, {"uuid": "21536c02-34ce-4424-a7bb-a03b82961573", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/zero_day_uz/128", "content": "CVE-2022-29072 7-zip exploit: Command Execution & LPE\n\nhttps://github.com/kagancapar/CVE-2022-29072\n\n#git #exploit #pentest\n\n\n\n@zero_day_uz", "creation_timestamp": "2022-06-25T14:45:42.000000Z"}, {"uuid": "770f28e2-ca0a-4372-902b-262ec1fa2820", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", 
"author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/true_secator/2868", "content": "\u0412 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0435 7-Zip \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u2014 \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u041f\u041a, \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u2014 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-29072 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Windows, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044e 21.07 \u2013 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442.\n\n\u2014 \u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u0432\u0430\u0442\u044c \u0444\u0430\u043a\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f 
\u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041e\u043d\u0438 \u0443\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u0432\u043e\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c hh.exe, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u043c Microsoft.\n\nhttps://www.securitylab.ru/news/531215.php", "creation_timestamp": "2022-04-20T15:47:04.000000Z"}, {"uuid": "91fbbcaa-5680-4284-a261-ac6609487d6b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/RalfHackerChannel/1196", "content": "CVE-2022-29072 7-zip exploit: Command Execution &amp; LPE\n\nhttps://github.com/kagancapar/CVE-2022-29072\n\n#git #exploit #pentest", "creation_timestamp": "2022-05-31T08:01:48.000000Z"}, {"uuid": "fb588056-0f19-4cc3-a1f2-a23832f97c39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/reconshell/1253", "content": "CVE-2022-29072 Windows Privilege Escalation\n\n#CVE-2022-29072 #PrivilegeEscalation #Windows #7z\n#Exploit #vulnerability #XXE #payload #CVE #DOS\n#PostExploitation #Hacking #Malware #Bugbounty\n\nhttps://reconshell.com/cve-2022-29072-windows-privilege-escalation/", "creation_timestamp": "2022-04-20T06:57:17.000000Z"}, {"uuid": "b1f7a16c-326f-4457-a288-a6784bcc836c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "Telegram/RPSDBGrNE5FgMZW_oBQNO3e7mVCo70dycLhViaxlPGnv3Lg", "content": "", "creation_timestamp": "2022-05-03T15:18:24.000000Z"}, 
{"uuid": "9dae7087-aea5-4280-9d9c-488ab61d0056", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "Telegram/RnGhglVRW4yp6rKZ5VF0h74j76POU3yEFXylMpUA1uGgjeE", "content": "", "creation_timestamp": "2023-01-10T09:15:28.000000Z"}, {"uuid": "29185080-7a3e-4a22-bb59-5f3fbedaec9b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "Telegram/7-FbXpiHrKqhLr20GhVoNgFybRsrUe6Ch8iQh87Z-xdlENs", "content": "", "creation_timestamp": "2022-04-18T09:17:26.000000Z"}, {"uuid": "1928c450-9736-4678-b85f-e5d69e51143c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/NeKaspersky/2132", "content": "0day \u0432 7zip \u043f\u043e\u0434 windows \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 \u0434\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u044b\n\n\u0415\u0441\u043b\u0438 \u043a\u0442\u043e \u043d\u0435 \u0441\u043b\u044b\u0448\u0430\u043b, 7zip \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f (\u0432\u0435\u0441\u044c\u043c\u0430 \u0443\u0434\u043e\u0431\u043d\u044b\u043c, \u043d\u0430\u0434\u043e \u0441\u043a\u0430\u0437\u0430\u0442\u044c) FOSS-\u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u043e\u043c, \u0447\u0442\u043e \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u0431\u0435\u0437 \u043f\u043e\u0442\u0435\u043d\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u043f\u0440\u043e\u0431\u043b\u0435\u043c \u0441 \u0437\u0430\u043a\u043e\u043d\u043e\u043c 
\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u044c \u0435\u0433\u043e \u0432 \u043a\u043e\u043c\u043c\u0435\u0440\u0447\u0435\u0441\u043a\u0438\u0445 \u0446\u0435\u043b\u044f\u0445 \u0441\u043e\u0432\u0435\u0440\u0448\u0435\u043d\u043d\u043e \u0431\u0435\u0441\u043f\u043b\u0430\u0442\u043d\u043e.\n\n\u0411\u0430\u0433 CVE-2022-29072 \u0432\u044b\u0437\u0432\u0430\u043d \u043d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u043e\u0439 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u043e\u0439 \u043f\u0440\u0430\u0432 \u0434\u043b\u044f 7z.dll \u0438 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u043a\u0443\u0447\u0438. \u0412 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u043d\u043e\u043c PoC-\u0432\u0438\u0434\u0435\u043e \u0430\u0432\u0442\u043e\u0440 \u043f\u0435\u0440\u0435\u0442\u0430\u0441\u043a\u0438\u0432\u0430\u0435\u0442 \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u044b\u0439 \u0438\u043c .7z \u0444\u0430\u0439\u043b \u0432 \u043e\u043a\u043d\u043e Help \u2192 Contents, \u0438 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440 \u0441\u043f\u0430\u0432\u043d\u0438\u0442 cmd, \u0437\u0430\u043f\u0443\u0449\u0435\u043d\u043d\u044b\u0439 \u0441 \u043f\u0440\u0430\u0432\u0430\u043c\u0438 system*. 
0day \u043f\u043e\u043a\u0430 \u043d\u0435 \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d, \u0442\u0430\u043a \u0447\u0442\u043e \u043f\u043e\u043b\u043d\u044b\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u044b\u0439 \u0434\u043e\u0441\u0442\u0443\u043f \u043d\u0435 \u0432\u044b\u043b\u043e\u0436\u0435\u043d.\n\n\u0420\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 7-zip \u0441\u0447\u0438\u0442\u0430\u044e\u0442, \u0447\u0442\u043e \u0431\u0430\u0433 \u0432\u044b\u0437\u0432\u0430\u043d \u043c\u0430\u0439\u043a\u0440\u043e\u0441\u043e\u0444\u0442\u043e\u0432\u0441\u043a\u0438\u043c hh.exe (\u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043e\u0442\u043e\u0431\u0440\u0430\u0436\u0430\u0435\u0442 \u043e\u043a\u043d\u043e \u0441\u043f\u0440\u0430\u0432\u043a\u0438): \u0432 \u0441\u043e\u0444\u0442, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0438\u0439 \u044d\u0442\u043e\u0442 \u043c\u0435\u0445\u0430\u043d\u0438\u0437\u043c, \u0438 \u0440\u0430\u043d\u044c\u0448\u0435 \u043d\u0430\u0445\u043e\u0434\u0438\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u044b\u043c \u043a command injection (\u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0431\u044b\u043b\u043e \u0441 WinRAR). \u0421 \u0434\u0440\u0443\u0433\u043e\u0439 \u0441\u0442\u043e\u0440\u043e\u043d\u044b, \u0435\u0441\u043b\u0438 \u0431\u044b \u044d\u0442\u043e \u0431\u044b\u043b\u043e \u0442\u0430\u043a, cmd \u0431\u044b\u043b \u0431\u044b \u0434\u043e\u0447\u0435\u0440\u043d\u0438\u043c \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c hh.exe, \u0430 \u043d\u0435 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430. 
\u0422\u0430\u043a\u0436\u0435 \u0432 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0433\u043e\u0432\u043e\u0440\u0438\u0442\u0441\u044f, \u0447\u0442\u043e \u0432\u043d\u0435\u0434\u0440\u0435\u043d\u043d\u044b\u0439 \u043a\u043e\u0434 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u043e\u0442 \u0430\u0434\u043c\u0438\u043d\u0430 \u0438\u043c\u0435\u043d\u043d\u043e \u0431\u043b\u0430\u0433\u043e\u0434\u0430\u0440\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u044e \u043a\u0443\u0447\u0438 \u0432 7zFM.exe.\n\n\u041d\u0430 \u0441\u043b\u0443\u0447\u0430\u0439, \u0435\u0441\u043b\u0438 \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 7zip \u043e\u0442\u043a\u0430\u0436\u0443\u0442\u0441\u044f \u0444\u0438\u043a\u0441\u0438\u0442\u044c \u0431\u0430\u0433\u0443, \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0435\u0435 \u043c\u043e\u0436\u043d\u043e, \u043d\u0430\u043f\u0440\u0438\u043c\u0435\u0440, \u0443\u0434\u0430\u043b\u0438\u0432 7-zip.chm.\n\n*\u041e\u0442 \u0430\u0434\u043c\u0438\u043d\u0430 \u0434\u043e \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0432\u043f\u043e\u043b\u043d\u0435 \u043b\u0435\u0433\u0430\u043b\u044c\u043d\u043e \u043f\u043e\u0432\u044b\u0441\u0438\u043b\u0438\u0441\u044c \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0443\u0442\u0438\u043b\u0438\u0442\u044b Sysinternals psexec.\n\n@NeKaspersky", "creation_timestamp": "2022-04-18T23:33:11.000000Z"}, {"uuid": "67126bde-7758-4b5d-8012-0df1e1012693", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/cibsecurity/40967", "content": "\u203c CVE-2022-29072 \u203c\n\n7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the 
Help>Contents area.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-04-16T00:20:23.000000Z"}, {"uuid": "67dae4d5-83c1-4b12-bb7e-cd5e88871da0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/BlueRedTeam/2556", "content": "#CVE-2022\n7-Zip CVE-2022-29072 Mitigation - CHM file - This script detects if the .chm file exists and removes it.\n\nhttps://github.com/Phantomiman/7-Zip.chm-mitigiation\n\n#CVE-2022\nPoC for Acronis Arbitrary File Read - CVE-2022-45451\nhttps://github.com/alfarom256/CVE-2022-45451\n\n#webshell\nwebshell alfa php\n\nhttps://github.com/xstro04002/alfa-shell\n\nCVE-2022-25765 pdfkit <0.8.6 command injection.\n\nhttps://github.com/shamo0/PDFkit-CMD-Injection\n\nGet root on macOS 13.0.1 with CVE-2022-46689 (macOS equivalent of the Dirty Cow bug), using the testcase extracted from Apple's XNU source.\n\nhttps://github.com/Conradoduart3/Nft-Grabber-Stealer-Exploit-Cve-2022-Steal-BlockHain-Hack-Nft\n\n@BlueRedTeam", "creation_timestamp": "2023-01-10T19:38:54.000000Z"}, {"uuid": "baf29beb-8c3a-4116-9f70-8922b67dbf58", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/BlueRedTeam/1947", "content": "#exploit\n\n+ CVE-2022-26809:\nWeakness in a core Windows 7/10/Server2019/2022 component (RPC)\nhttps://github.com/XmasSnow/CVE-2022-26809-RCE\n\n+ CVE-2022-29072:\n7-Zip <21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area (0-day)\nhttps://github.com/kagancapar/CVE-2022-29072\n\n@BlueRedTeam", "creation_timestamp": "2022-04-17T08:35:15.000000Z"}, {"uuid": "8478e7ac-4e9e-404c-bb66-c4ff30a2248c", 
"vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/CNArsenal/43", "content": "https://github.com/kagancapar/CVE-2022-29072", "creation_timestamp": "2022-12-16T01:29:24.000000Z"}, {"uuid": "45505f22-07f7-40f1-9314-be5bd0a22d32", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/SecLabNews/11981", "content": "\u0412 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0435 7-Zip \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0430 \u0441\u0435\u0440\u044c\u0435\u0437\u043d\u0430\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c\n\n\u2014 \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0431\u0435\u0437\u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044e, \u0438\u043c\u0435\u044e\u0449\u0435\u043c\u0443 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u043d\u044b\u0435 \u043f\u0440\u0430\u0432\u0430 \u043d\u0430 \u041f\u041a, \u043f\u043e\u0434\u043d\u044f\u0442\u044c \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0439 \u0434\u043e \u0430\u0434\u043c\u0438\u043d\u0438\u0441\u0442\u0440\u0430\u0442\u043e\u0440\u0430.\n\n\u2014 \u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c CVE-2022-29072 \u0437\u0430\u0442\u0440\u0430\u0433\u0438\u0432\u0430\u0435\u0442 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0435\u0439 Windows, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0449\u0438\u0445 \u0432\u0435\u0440\u0441\u0438\u044e 21.07 \u2013 
\u043f\u043e\u0441\u043b\u0435\u0434\u043d\u044e\u044e \u043d\u0430 \u0434\u0430\u043d\u043d\u044b\u0439 \u043c\u043e\u043c\u0435\u043d\u0442.\n\n\u2014 \u0421\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u0438 \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0430 \u043e\u0442\u043a\u0430\u0437\u0430\u043b\u0438\u0441\u044c \u043f\u0440\u0438\u0437\u043d\u0430\u0432\u0430\u0442\u044c \u0444\u0430\u043a\u0442 \u043d\u0430\u043b\u0438\u0447\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438. \u041e\u043d\u0438 \u0443\u043a\u0430\u0437\u0430\u043b\u0438, \u0447\u0442\u043e \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u0432\u043e\u0446\u0438\u0440\u0443\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u043e\u043c hh.exe, \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u043c Microsoft.\n\nhttps://www.securitylab.ru/news/531215.php", "creation_timestamp": "2022-04-19T21:01:21.000000Z"}, {"uuid": "8c42b2c9-97d5-4572-935c-4bd9d0a95eae", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "seen", "source": "https://t.me/sysodmins/14606", "content": "\u200b\u200b\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432 7-Zip, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438 SYSTEM \u0432 Windows\n\n\u0412 \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u043c \u0430\u0440\u0445\u0438\u0432\u0430\u0442\u043e\u0440\u0435 7-Zip \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0430 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c (CVE-2022-29072), \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 
\u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 SYSTEM \u0447\u0435\u0440\u0435\u0437 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0435 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u043e\u0444\u043e\u0440\u043c\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0444\u0430\u0439\u043b\u0430 \u0441 \u0440\u0430\u0441\u0448\u0438\u0440\u0435\u043d\u0438\u0435\u043c .7z \u0432 \u043e\u0431\u043b\u0430\u0441\u0442\u044c c \u043f\u043e\u0434\u0441\u043a\u0430\u0437\u043a\u043e\u0439, \u043f\u043e\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c\u043e\u0439 \u043f\u0440\u0438 \u043e\u0442\u043a\u0440\u044b\u0442\u0438\u0438 \u043c\u0435\u043d\u044e \"Help&gt;Contents\". \u041f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u043f\u0440\u043e\u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u043d\u0430 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u0435 Windows.\n\n\u041f\u0440\u0438\u043c\u0435\u0447\u0430\u0442\u0435\u043b\u044c\u043d\u043e, \u0447\u0442\u043e \u0440\u0430\u0437\u0440\u0430\u0431\u043e\u0442\u0447\u0438\u043a\u0438 7-Zip \u043d\u0435 \u043f\u0440\u0438\u0437\u043d\u0430\u043b\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438 \u0437\u0430\u044f\u0432\u0438\u043b\u0438, \u0447\u0442\u043e \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u043e\u043c \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043f\u0440\u043e\u0446\u0435\u0441\u0441 Microsoft HTML Helper, \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u044e\u0449\u0438\u0439 \u043a\u043e\u0434 \u043f\u0440\u0438 \u043f\u0435\u0440\u0435\u043c\u0435\u0449\u0435\u043d\u0438\u0438 \u0444\u0430\u0439\u043b\u0430. 
\u0418\u0441\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c, \u0432\u044b\u044f\u0432\u0438\u0432\u0448\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c, \u0441\u0447\u0438\u0442\u0430\u0435\u0442, \u0447\u0442\u043e hh.exe \u043b\u0438\u0448\u044c \u043a\u043e\u0441\u0432\u0435\u043d\u043d\u043e \u0443\u0447\u0430\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438, \u0430 \u0443\u043a\u0430\u0437\u0430\u043d\u043d\u0430\u044f \u0432 \u044d\u043a\u0441\u043f\u043b\u043e\u0438\u0442\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u0442\u0441\u044f \u0432 7zFM.exe \u043a\u0430\u043a \u0434\u043e\u0447\u0435\u0440\u043d\u0438\u0439 \u043f\u0440\u043e\u0446\u0435\u0441\u0441. \u041f\u0440\u0438\u0447\u0438\u043d\u0430\u043c\u0438 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u043f\u0440\u043e\u0432\u0435\u0434\u0435\u043d\u0438\u044f \u0430\u0442\u0430\u043a\u0438 \u0447\u0435\u0440\u0435\u0437 \u043f\u043e\u0434\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0443 \u043a\u043e\u043c\u0430\u043d\u0434 (command injection) \u043d\u0430\u0437\u044b\u0432\u0430\u044e\u0442\u0441\u044f \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0440\u043e\u0446\u0435\u0441\u0441\u0435 7zFM.exe \u0438 \u043d\u0435\u0432\u0435\u0440\u043d\u0430\u044f \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430 \u043f\u0440\u0430\u0432 \u0434\u043b\u044f \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 7z.dll.\n\n\u0422\u0430\u043a \u043a\u0430\u043a \u0438\u0441\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043e\u043a\u0430 \u043d\u0435 \u043e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u044b \u0432 
\u043a\u0430\u0447\u0435\u0441\u0442\u0432\u0435 \u043e\u0431\u0445\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0443\u0442\u0438 \u0437\u0430\u0449\u0438\u0442\u044b \u043f\u0440\u0435\u0434\u043b\u0430\u0433\u0430\u0435\u0442\u0441\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u0435 7-zip \u0434\u043e\u0441\u0442\u0443\u043f \u0442\u043e\u043b\u044c\u043a\u043e \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c\u044e \u0447\u0442\u0435\u043d\u0438\u044f \u0438 \u0437\u0430\u043f\u0443\u0441\u043a\u0430.", "creation_timestamp": "2022-04-18T22:15:57.000000Z"}, {"uuid": "cba6baab-b9b8-4353-a58d-94846d31c254", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-29072", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/5824", "content": "#exploit\n1. CVE-2022-26809:\nWeakness in a core Windows 7/10/Server2019/2022 component (RPC)\nhttps://github.com/XmasSnow/CVE-2022-26809-RCE\n\n2. CVE-2022-29072:\n7-Zip &lt;21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help&gt;Contents area (0-day)\nhttps://github.com/kagancapar/CVE-2022-29072", "creation_timestamp": "2022-04-17T13:42:19.000000Z"}]}