Is this really a 7-zip issue, or is it a Microsoft issue?

[JudgeDreddKLC]

The mitigation steps don't quite make sense to me, because if someone really wanted to exploit this, they would just have to download the affected 7zip executable, the affected chm file, and the specifically crafted 7z file to any system, and voila. So that means there really is no mitigation to this other than, maybe, application blacklisting?

Am I missing something?

Expanding on the above, that means it would be far easier for someone to create a malicious dll file that explots the inherent vulnerability in Microsoft's CHM system, and then you have an exploit that doesn't depend on 7zip at all. This means that the vulnerability isn't really with 7zip at all, but with Microsoft, and there is no type of mitigation until Microsoft patches it.

[kagancapar]

actually there is an API call authorization problem here, not just on hh.exe. Our example is via the hh.exe file.

[brlin-tw]

API call authorization problem

Elaborate on the exact 7-Zip code that contains this problem.

[kagancapar]

The mitigation steps don't quite make sense to me, because if someone really wanted to exploit this, they would just have to download the affected 7zip executable, the affected chm file, and the specifically crafted 7z file to any system, and voila. So that means there really is no mitigation to this other than, maybe, application blacklisting?

Am I missing something?

Expanding on the above, that means it would be far easier for someone to create a malicious dll file that explots the inherent vulnerability in Microsoft's CHM system, and then you have an exploit that doesn't depend on 7zip at all. This means that the vulnerability isn't really with 7zip at all, but with Microsoft, and there is no type of mitigation until Microsoft patches it.

You are close to the solution. :)