CVE-2018-10172
Last modified
CVE-2018-10172 is a vulnerability of currently unknown severity. 7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.
Description
7-Zip through 18.01 on Windows implements the "Large memory pages" option by calling the LsaAddAccountRights function to add the SeLockMemoryPrivilege privilege to the user's account, which makes it easier for attackers to bypass intended access restrictions by using this privilege in the context of a sandboxed process. Note: This has been disputed by 3rd parties who argue this is a valid feature of Windows.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| 7-Zip | 7-Zip | <= 18.01 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-10172?
How severe is CVE-2018-10172?
How do I fix CVE-2018-10172?
Are you affected by CVE-2018-10172?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST