A serious vulnerability has been discovered in the free, open-source 7-Zip archiver. It can give an attacker administrator-level access without the need to crack the password, using a combination of 7-Zip and Windows Help.
The video below shows how the user who discovered the vulnerability exploits it. He drags a fake file with the .7z extension, imitating a 7-Zip archive, into the program's help window, which allows commands to be executed on behalf of the administrator. This grants higher-level access to the system, including programs and commands that would normally require a password.
This vulnerability is present in all versions of the Windows application; the developers have not yet had time to close it. If this bothers you, it is not necessary to delete the program: you can instead restrict its rights, allowing only reading and execution.