Share
## https://sploitus.com/exploit?id=FE7493E4-7979-5083-8B70-91D9BE4FA27B
This repository is an exploit module for CVE-2022-29072, a privilege escalation vulnerability in 7-Zip through version 21.07 on Windows. The vulnerability allows an attacker to execute commands with elevated privileges when a file with the .7z extension is dragged to the Help>Contents area. The exploit creates a child process of 7zFM.exe, which is a legitimate 7-Zip component, and uses the HTML Helper API to execute a command with elevated privileges. The exploit bypasses the ActiveXObject warning and uses the psexec command to escalate privileges to the system level. The vulnerability is related to a heap-overflow in FzGM.exe, which is a component of 7-Zip, and the exploit uses a chm file to trigger the vulnerability. The exploit is not published until the update is passed due to community security concerns.