It can give an attacker full access to the computer with the installed program. serjoznuju-ujazvimost-87d3303.jpg” alt=”A serious vulnerability has been discovered in the 7-Zip archiver for Windows” />
A serious vulnerability has been discovered in the free and open source archiver 7-Zip. It is able to provide an attacker with administrator-level access without the need to crack a password, using a combination of 7-Zip and Windows Help.
The video below shows how the user who discovered the vulnerability exploits it. It drags a fake .7z file that mimics a 7-Zip archive into the program's help window, allowing it to execute commands as an administrator. This gives you access to a higher level system and gives you access to programs and commands that would normally require a password.
This vulnerability is present in all versions of the application for Windows, the developers have not yet managed to close it. If this bothers you, you don't have to uninstall the program: you can only restrict its rights to read and execute only.