CVE-2018-10172
Published: 04/16/2018 22:29:00
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.
HIGH
CVSS v3: 8.8
CVSS v3: 8.8
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 25.1 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.4 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.4.0 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.3 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.2.1 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.2 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 24.1 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 23.3 | 7-zip (23.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 23.2.1 | 7-zip (17.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 23.2 | 7-zip (17.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 23.1 | 7-zip (17.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
| 22.4 | 7-zip (17.01) | Not Affected | Protected By Compiler | The issue exists in the 7-zip desktop application and how it was compiled by the vendor. It does not impact the 7-zip/LZMA SDK which Document Filters consumes. |
Severity score breakdown
Attack Complexity
LOW
Attack Vector
LOCAL
Availability Impact
HIGH
Base Score
8.8
Base Severity
HIGH
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Privileges Required
LOW
Scope
CHANGED
User Interaction
NONE
Vector String
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Version
3.0