CVE-2018-10172
First published: Mon Apr 16 2018(Updated: )
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| 7-zip 7-zip | <=18.01 | |
| <=18.01 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-10172?
CVE-2018-10172 is a vulnerability in 7-Zip through version 18.01 on Windows that allows attackers to bypass access restrictions.
What is the severity of CVE-2018-10172?
CVE-2018-10172 has a severity rating of 8.8 (high).
How does CVE-2018-10172 affect 7-Zip on Windows?
CVE-2018-10172 affects 7-Zip through version 18.01 on Windows by allowing attackers to bypass access restrictions.
How can I fix CVE-2018-10172 in 7-Zip?
To fix CVE-2018-10172 in 7-Zip, update to a version beyond 18.01.
Where can I find more information about CVE-2018-10172?
You can find more information about CVE-2018-10172 at the following link: https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?limit=25&page=1#b240
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/references
- agent/severity
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/7-zip
- canonical/7-zip 7-zip
- version/7-zip 7-zip/18.01