Security restrictions bypass in 7-Zip - CVE-2018-10172
Published: April 20, 2018 / Updated: December 27, 2021
Vulnerability identifier: #VU12046
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10172
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: 7-zip.org
Affected software:
7-Zip
7-Zip
Detailed vulnerability description
The vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to improper security restrictions when using the large memory pages option. When using this option, the SeLockMemoryPrivilege privilege is added to the current user account using the LsaAddAccountRights function, which allows other applications on the system access to that privilege. A local attacker can execute an application on the system, which can run with SeLockMemoryPrivilege privileges, and bypass access restrictions.
The weakness exists due to improper security restrictions when using the large memory pages option. When using this option, the SeLockMemoryPrivilege privilege is added to the current user account using the LsaAddAccountRights function, which allows other applications on the system access to that privilege. A local attacker can execute an application on the system, which can run with SeLockMemoryPrivilege privileges, and bypass access restrictions.
How to mitigate CVE-2018-10172
Install update from vendor's website.