by jmartinpetersen 1521 days ago
You need to drag the malicious .7z-file onto the 7Zip Help window. I don't know who is at fault, but that's a pretty weird intrusion vector.
4 comments

A vector is a vector :) Imagine someone with just user privilege to a machine needing admin access to install a more pervasive RAT, this gives them a way.
1. Send broken archive to victim

2. "You have to update 7zip to open this archive, you don't need to open any executables, just drag 7zipv0.99.7z to help window"

3. ????

4. Profit

Check out this cool Easter egg!
indeed, but still a 0day :)

edit: I personally think the author did a great job finding & publishing it.

>vulnerability was caused by hh.exe, but they were told that if there was a command injection from hh.exe, a child process should be created under hh.exe, so especially the heap-overflow side of this vulnerability will not be shared with the community.

"Due to community security, it will not be published until the update is passed. Maybe it will never be published :)"

would hardly call this publishing

>edit: I personally think the author did a great job finding & publishing it.

Not really.

They seem to be implying they got to running a command as SYSTEM from 7-zip, but, like, don't specify things like what security context 7-zip started as, or how a program running as non-admin got to a system security context, or like, how that's 7zip's fault and not the fault of the OS.

This is all very confusing.

Even if all they did was take that screenshot from process explorer and expand it to include the user column, it would be like 99% more clear what the fuck is going on.