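Recent news reports say that 7-Zip has a vulnerability, CVE-2022-29072, that lets an ordinary user obtain administrator privileges.

Although it is disputed, I am still recording the workaround here.

Workaround

No new version has been released officially so far, so you can refer to the two methods given by Tom’s Hardware: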

First method: If 7-zip does not update, deleting the 7-zip.chm file will be sufficient to close the vulnerability.
Second method: The 7-zip program should only have read and run permissions. (For all users)

In other words, just delete the help file, which who knows whether anyone ever reads: C:\Program Files\7-Zip\7-zip.chm
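
The two methods above as a PowerShell check, added here as an example and not taken from the original post, Tom’s Hardware or 7-Zip. It assumes the default install path quoted above, reads the second method as "no write access for non-administrative accounts", and the list of SIDs treated as administrative is this example's own choice.

```powershell
# Added example: audit (and optionally apply) the two workarounds for CVE-2022-29072.
# Assumption: 7-Zip lives at the default path quoted in the post.
param(
    [string]$InstallDir = 'C:\Program Files\7-Zip',
    [switch]$Remove    # report only unless this switch is given
)
if (-not (Test-Path -LiteralPath $InstallDir)) { throw "Not found: $InstallDir" }

# Method 1: the help file 7-zip.chm should be absent.
$chm = Join-Path $InstallDir '7-zip.chm'
if (-not (Test-Path -LiteralPath $chm)) {
    Write-Output "OK: $chm is not present"
} elseif ($Remove) {
    Remove-Item -LiteralPath $chm -Force -ErrorAction Stop   # needs an elevated prompt
    Write-Output "Removed $chm"
} else {
    Write-Output "FOUND: $chm (re-run elevated with -Remove to delete it)"
}

# Method 2: list Allow ACEs that give write-type access to anyone outside
# the principals treated as administrative here (an assumption of this example).
$trusted = @(
    'S-1-5-18',        # NT AUTHORITY\SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# WriteData, AppendData, DeleteSubdirectoriesAndFiles, Delete,
# ChangePermissions, TakeOwnership, GENERIC_WRITE, GENERIC_ALL
$writeMask = 0x2 -bor 0x4 -bor 0x40 -bor 0x10000 -bor 0x40000 -bor 0x80000 -bor 0x40000000 -bor 0x10000000

$sidType = [System.Security.Principal.SecurityIdentifier]
$targets = @($InstallDir) + @(Get-ChildItem -LiteralPath $InstallDir -File | ForEach-Object FullName)
$findings = foreach ($path in $targets) {
    foreach ($ace in (Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $trusted -notcontains $ace.IdentityReference.Value -and
            ([int]$ace.FileSystemRights -band $writeMask)) {
            [pscustomobject]@{ Path = $path; Sid = $ace.IdentityReference.Value
                               Rights = $ace.FileSystemRights }
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize }
else { Write-Output 'OK: no write access for non-administrative principals' }
```

Any row in the output is an account that can modify a file in the 7-Zip directory; tighten that entry to read and execute only.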

References

https://www.ithome.com.tw/news/150502

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29072

https://www.tomshardware.com/news/7-zip-zero-day-exploit
