Yair Mizrahi

Hello, I'd like to point out regarding CVE-2018-10172 that the latest version of 7-Zip is still vulnerable to it (v22.01 from 2022-07-27). The original report: https://sourceforge.net/p/sevenzip/discussion/45797/thread/e730c709/?page=1&limit=25#b240 The problem was that in order to use the Large Pagesfeature, 7-Zip added the SeLockMemoryPrivilege Windows Privilege to the current user account (using LsaAddAccountRights), which meant other processes (e.g. sandbox processes) could access this privilege...