Tag Archive for: Vulnerability

7-Zip zero-day vulnerability grants privilege escalation


PSA: A security researcher recently discovered a vulnerability in the file archiver 7-Zip that could grant attackers high privileges and let them execute code. Developers haven’t released a patch yet, but users can quickly nullify this security hole in the meantime.

Last week, researcher Kağan Çapar found and published a zero-day vulnerability in 7-Zip that can grant privilege escalation and command execution. Designated CVE-2022-29072, it affects Windows users running version 21.07 — the latest version as of now.

As the video below shows, an attacker with limited access to a system can activate the vulnerability by opening the “Help” window in 7-Zip under Help->Contents and dragging a file with the .7z extension into that window. Any file with that extension will work. It doesn’t have to be a real 7z archive.

By running a child process under the 7zFM.exe process, the vulnerability can elevate the attacker’s privileges and let them run commands on the target system. Çapar blames this on a misconfiguration in the file 7z.dll and heap overflow.

The Windows HTML helper file may also share some blame, as other programs can allow command execution through it. Çapar mentions a similar vulnerability that works through the Windows HTML helper file and WinRAR.

Deleting the file “7-zip.chm” in the 7-Zip root folder can mitigate the issue until devs patch it. It’s unclear when that will be.

Source…

Critical vulnerability in popular WordPress plugin exposes millions of sites to hacking


A critical vulnerability in a highly popular WordPress plugin has exposed millions of websites to hacking.

Discovered by researchers at Plugin Vulnerabilities and detailed April 12, the vulnerability was found in Elementor, a WordPress plugin that allows users to build websites with more than 5 million active installations. The vulnerability was found in version 3.6.0 of the plugin, introduced on March 22, with about a third of the sites using Elemantor to run the vulnerable version when the vulnerability was found.

The vulnerability is caused by an absence of a critical access check in one of the plugin’s files, which is loaded on every request, even if users are not logged in. Because the check does not occur, access to the file and hence the plugin is open to all and sundry, including bad actors.

Exploiting the vulnerability opens the door for anyone to make changes to the site, including uploading arbitrary files. As a result, hackers could exploit the vulnerability for remote code execution and takeover of a site running the plugin. “Based on just what we saw in our very limited checking, we would recommend not using this plugin until it has had a thorough security review and all issues are addressed,” the researchers noted.

The vulnerability has since been addressed in the latest update to Elementor version 3.6.3. Naturally, anyone running a WordPress install with Elementor  3.6.0 to 3.6.2 is encouraged to update to the latest version to address the critical vulnerability.

“WordPress powers as much as a third of all websites on the Internet, including some of the most highly trafficked sites and a large percentage of e-commerce sites, so why aren’t they better equipped to protect against attack?”  Pravin Madhani, co-founder and chief executive of application security platform provider K2 Cyber Security Inc., told SiliconANGLE. “In particular, RCE is one of the most dangerous flaws because it gives the attacker the ability to run almost any code on the hacked site.”

Madhani explained that traditional application security tools like Web Application Firewalls have difficulty in dealing with RCE attacks because they rely on understanding a past RCE…

Source…

Cyber Security weekly hacker news February 8 – 14,2022



Cyber Security Weekly hacker news March 28 – April 4, 2022